diff --git a/cyberpanel_upgrade_monolithic.sh b/cyberpanel_upgrade_monolithic.sh index 1c7243cd6..5f4a2d8a7 100644 --- a/cyberpanel_upgrade_monolithic.sh +++ b/cyberpanel_upgrade_monolithic.sh @@ -794,6 +794,7 @@ EOF dnf clean metadata --disablerepo='*' --enablerepo=mariadb 2>/dev/null || true # MariaDB 10 -> 11 or 11 -> 12: RPM scriptlet blocks in-place upgrade; do manual stop, remove old server, install target, start, mariadb-upgrade MARIADB_OLD_10=$(rpm -qa 'MariaDB-server-10*' 2>/dev/null | head -1) + [[ -z "$MARIADB_OLD_10" ]] && MARIADB_OLD_10=$(rpm -qa 2>/dev/null | grep -E '^MariaDB-server-10\.' | head -1) MARIADB_OLD_11=$(rpm -qa 'MariaDB-server-11*' 2>/dev/null | head -1) # Also detect 11.x by package version (e.g. MariaDB-server-11.8.6-1.el9) [[ -z "$MARIADB_OLD_11" ]] && MARIADB_OLD_11=$(rpm -qa 'MariaDB-server*' 2>/dev/null | grep -E 'MariaDB-server-11\.' | head -1) @@ -807,7 +808,7 @@ EOF rpm -e "$MARIADB_OLD_10" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-client MariaDB-devel 2>/dev/null || true mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -821,7 +822,7 @@ EOF rpm -e "$MARIADB_OLD_11" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-client MariaDB-devel 2>/dev/null || true mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -844,7 +845,7 @@ EOF rpm -e "$STILL_11" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-client MariaDB-devel 2>/dev/null || true mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -854,7 +855,11 @@ EOF fi # Allow local client to connect without SSL (11.x client defaults to SSL; 10.x server may not have it) mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + # Ensure main my.cnf has [client] without SSL when server has SSL disabled (ERROR 2026 fix) + if [[ -f /etc/my.cnf ]] && ! grep -q '^\[client\]' /etc/my.cnf 2>/dev/null; then + echo -e "\n[client]\nssl=0\nskip-ssl" >> /etc/my.cnf + fi # Optional: migrate from latin1 to UTF-8 (utf8mb4) when --migrate-to-utf8 and 11.x/12.x if [[ "$Migrate_MariaDB_To_UTF8_Requested" = "yes" ]] && { [[ "$MARIADB_VER_REPO" =~ ^11\. ]] || [[ "$MARIADB_VER_REPO" =~ ^12\. ]]; }; then Migrate_MariaDB_To_UTF8 @@ -879,6 +884,7 @@ EOF # Install/upgrade MariaDB from our repo (any version: 10.11, 11.8, 12.x). Manual path for 10->11 and 11->12. MARIADB_OLD_10_AL9=$(rpm -qa 'MariaDB-server-10*' 2>/dev/null | head -1) + [[ -z "$MARIADB_OLD_10_AL9" ]] && MARIADB_OLD_10_AL9=$(rpm -qa 2>/dev/null | grep -E '^MariaDB-server-10\.' | head -1) MARIADB_OLD_11_AL9=$(rpm -qa 'MariaDB-server-11*' 2>/dev/null | head -1) [[ -z "$MARIADB_OLD_11_AL9" ]] && MARIADB_OLD_11_AL9=$(rpm -qa 'MariaDB-server*' 2>/dev/null | grep -E 'MariaDB-server-11\.' | head -1) if [[ -n "$MARIADB_OLD_10_AL9" ]] && { [[ "$MARIADB_VER_REPO" =~ ^11\. ]] || [[ "$MARIADB_VER_REPO" =~ ^12\. ]]; }; then @@ -890,7 +896,7 @@ EOF rpm -e "$MARIADB_OLD_10_AL9" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-devel 2>/dev/null || dnf install -y mariadb-server mariadb-devel mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -904,7 +910,7 @@ EOF rpm -e "$MARIADB_OLD_11_AL9" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-devel 2>/dev/null || dnf install -y mariadb-server mariadb-devel mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -916,7 +922,7 @@ EOF fi # Allow local client to connect without SSL mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true # Install additional required packages (omit curl - AlmaLinux 9 has curl-minimal, avoid conflict) dnf install -y wget unzip zip rsync firewalld psmisc git python3 python3-pip python3-devel 2>/dev/null || dnf install -y --allowerasing wget unzip zip rsync firewalld psmisc git python3 python3-pip python3-devel @@ -1354,6 +1360,13 @@ echo -e "[$(date +"%Y-%m-%d %H:%M:%S")] Running: $CP_PYTHON upgrade.py $Branch_N # Export Git user so upgrade.py clones from the same repo (master3395 or --repo override) export CYBERPANEL_GIT_USER="${Git_User:-usmannasir}" +# So upgrade.py can import plogical (it runs from /root/cyberpanel_upgrade_tmp) +export PYTHONPATH="/usr/local/CyberCP${PYTHONPATH:+:$PYTHONPATH}" + +# Run from dir that contains upgrade.py +for d in /root/cyberpanel_upgrade_tmp /usr/local/CyberCP; do + if [[ -f "$d/upgrade.py" ]]; then cd "$d" || true; break; fi +done # Run upgrade.py and capture output upgrade_output=$("$CP_PYTHON" upgrade.py "$Branch_Name" 2>&1) @@ -1421,7 +1434,8 @@ elif [[ "$Server_OS" = "openEuler" ]] ; then fi echo -e "[$(date +"%Y-%m-%d %H:%M:%S")] Running fallback: /usr/local/CyberPanelTemp/bin/python upgrade.py $Branch_Name" | tee -a /var/log/cyberpanel_upgrade_debug.log -export CYBERPANEL_GIT_USER="${Git_User:-master3395}" +export CYBERPANEL_GIT_USER="${Git_User:-usmannasir}" +export PYTHONPATH="/usr/local/CyberCP${PYTHONPATH:+:$PYTHONPATH}" /usr/local/CyberPanelTemp/bin/python upgrade.py "$Branch_Name" 2>&1 | tee -a /var/log/cyberpanel_upgrade_debug.log FALLBACK_CODE=$? echo -e "[$(date +"%Y-%m-%d %H:%M:%S")] Fallback upgrade returned code: $FALLBACK_CODE" | tee -a /var/log/cyberpanel_upgrade_debug.log @@ -1682,7 +1696,8 @@ Sync_CyberCP_To_Latest() { cd /usr/local/CyberCP git fetch origin 2>&1 | tee -a /var/log/cyberpanel_upgrade_debug.log if git show-ref -q "refs/remotes/origin/$Branch_Name"; then - git checkout -B "$Branch_Name" "origin/$Branch_Name" 2>&1 | tee -a /var/log/cyberpanel_upgrade_debug.log + # Force tree to match remote so local changes/untracked files do not block (settings.py restored below) + git reset --hard "origin/$Branch_Name" 2>&1 | tee -a /var/log/cyberpanel_upgrade_debug.log else git checkout "$Branch_Name" 2>/dev/null || true git pull --ff-only origin "$Branch_Name" 2>&1 | tee -a /var/log/cyberpanel_upgrade_debug.log || true diff --git a/install/install.py b/install/install.py index 975cead87..d53cf892a 100644 --- a/install/install.py +++ b/install/install.py @@ -2149,6 +2149,27 @@ module cyberpanel_ols { logging.InstallLog.writeToFile(error_msg) raise Exception(error_msg) + def _ensure_mariadb_client_no_ssl(self): + """Ensure MariaDB client connects without SSL (avoids ERROR 2026 when server has have_ssl=DISABLED).""" + client_cnf = "[client]\nssl=0\nskip-ssl\n" + try: + # RHEL/AlmaLinux: /etc/my.cnf.d/cyberpanel-client.cnf + if not os.path.exists('/etc/my.cnf.d'): + os.makedirs('/etc/my.cnf.d', mode=0o755, exist_ok=True) + with open('/etc/my.cnf.d/cyberpanel-client.cnf', 'w') as f: + f.write(client_cnf) + logging.InstallLog.writeToFile("Created /etc/my.cnf.d/cyberpanel-client.cnf (client SSL disabled)") + except Exception as e: + logging.InstallLog.writeToFile("_ensure_mariadb_client_no_ssl: /etc/my.cnf.d: %s" % str(e)) + try: + # Debian/Ubuntu: /etc/mysql/mariadb.conf.d/99-cyberpanel-client.cnf + if os.path.exists('/etc/mysql/mariadb.conf.d'): + with open('/etc/mysql/mariadb.conf.d/99-cyberpanel-client.cnf', 'w') as f: + f.write(client_cnf) + logging.InstallLog.writeToFile("Created /etc/mysql/mariadb.conf.d/99-cyberpanel-client.cnf (client SSL disabled)") + except Exception as e: + logging.InstallLog.writeToFile("_ensure_mariadb_client_no_ssl: mariadb.conf.d: %s" % str(e)) + def command_exists(self, command): """Check if a command exists in PATH""" try: @@ -3225,10 +3246,13 @@ module cyberpanel_ols { # all the other control panels allow # reference: https://oracle-base.com/articles/mysql/mysql-password-less-logins-using-option-files mysql_my_root_cnf = '/root/.my.cnf' + # Include skip-ssl/ssl=0 so client does not require SSL (avoids ERROR 2026 when server has have_ssl=DISABLED) mysql_root_cnf_content = """ [client] user=root password="%s" +ssl=0 +skip-ssl """ % password with open(mysql_my_root_cnf, 'w') as f: @@ -3239,6 +3263,10 @@ password="%s" logging.InstallLog.writeToFile("Updating /root/.my.cnf!") + # Ensure system-wide MariaDB client uses no SSL (all installs: avoids ERROR 2026 on servers with SSL disabled) + if self.remotemysql == 'OFF': + self._ensure_mariadb_client_no_ssl() + logging.InstallLog.writeToFile("Generating secure environment configuration!") # Determine the correct MySQL root password to use diff --git a/to-do/fix-phpmyadmin-mariadb-version-on-server.md b/to-do/fix-phpmyadmin-mariadb-version-on-server.md index fcc536990..b679bb53e 100644 --- a/to-do/fix-phpmyadmin-mariadb-version-on-server.md +++ b/to-do/fix-phpmyadmin-mariadb-version-on-server.md @@ -5,9 +5,11 @@ Run as root on the server: ```bash -# Allow mariadb client to connect without SSL (11.x client requires SSL by default) +# Allow mariadb client to connect without SSL (avoids ERROR 2026 when server has have_ssl=DISABLED) mkdir -p /etc/my.cnf.d -printf '[client]\nskip-ssl = true\n' > /etc/my.cnf.d/cyberpanel-client.cnf +printf '[client]\nssl=0\nskip-ssl\n' > /etc/my.cnf.d/cyberpanel-client.cnf +# If client still requires SSL, add [client] to main my.cnf (only if not already present) +grep -q '^\[client\]' /etc/my.cnf 2>/dev/null || echo -e "\n[client]\nssl=0\nskip-ssl" >> /etc/my.cnf # Now this should work and show the *actual* server version on 3306 mariadb -e "SELECT @@version;" diff --git a/upgrade_modules/05_repository.sh b/upgrade_modules/05_repository.sh index b8912689b..675169f75 100644 --- a/upgrade_modules/05_repository.sh +++ b/upgrade_modules/05_repository.sh @@ -261,6 +261,7 @@ EOF dnf clean metadata --disablerepo='*' --enablerepo=mariadb 2>/dev/null || true # MariaDB 10 -> 11 or 11 -> 12: RPM scriptlet blocks in-place upgrade; do manual stop, remove old server, install target, start, mariadb-upgrade MARIADB_OLD_10=$(rpm -qa 'MariaDB-server-10*' 2>/dev/null | head -1) + [[ -z "$MARIADB_OLD_10" ]] && MARIADB_OLD_10=$(rpm -qa 2>/dev/null | grep -E '^MariaDB-server-10\.' | head -1) MARIADB_OLD_11=$(rpm -qa 'MariaDB-server-11*' 2>/dev/null | head -1) # Also detect 11.x by package version (e.g. MariaDB-server-11.8.6-1.el9) [[ -z "$MARIADB_OLD_11" ]] && MARIADB_OLD_11=$(rpm -qa 'MariaDB-server*' 2>/dev/null | grep -E 'MariaDB-server-11\.' | head -1) @@ -274,7 +275,7 @@ EOF rpm -e "$MARIADB_OLD_10" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-client MariaDB-devel 2>/dev/null || true mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -288,7 +289,7 @@ EOF rpm -e "$MARIADB_OLD_11" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-client MariaDB-devel 2>/dev/null || true mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -311,7 +312,7 @@ EOF rpm -e "$STILL_11" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-client MariaDB-devel 2>/dev/null || true mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -321,7 +322,11 @@ EOF fi # Allow local client to connect without SSL (11.x client defaults to SSL; 10.x server may not have it) mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + # Ensure main my.cnf has [client] without SSL when server has SSL disabled (ERROR 2026 fix) + if [[ -f /etc/my.cnf ]] && ! grep -q '^\[client\]' /etc/my.cnf 2>/dev/null; then + echo -e "\n[client]\nssl=0\nskip-ssl" >> /etc/my.cnf + fi # Optional: migrate from latin1 to UTF-8 (utf8mb4) when --migrate-to-utf8 and 11.x/12.x if [[ "$Migrate_MariaDB_To_UTF8_Requested" = "yes" ]] && { [[ "$MARIADB_VER_REPO" =~ ^11\. ]] || [[ "$MARIADB_VER_REPO" =~ ^12\. ]]; }; then Migrate_MariaDB_To_UTF8 @@ -346,6 +351,7 @@ EOF # Install/upgrade MariaDB from our repo (any version: 10.11, 11.8, 12.x). Manual path for 10->11 and 11->12. MARIADB_OLD_10_AL9=$(rpm -qa 'MariaDB-server-10*' 2>/dev/null | head -1) + [[ -z "$MARIADB_OLD_10_AL9" ]] && MARIADB_OLD_10_AL9=$(rpm -qa 2>/dev/null | grep -E '^MariaDB-server-10\.' | head -1) MARIADB_OLD_11_AL9=$(rpm -qa 'MariaDB-server-11*' 2>/dev/null | head -1) [[ -z "$MARIADB_OLD_11_AL9" ]] && MARIADB_OLD_11_AL9=$(rpm -qa 'MariaDB-server*' 2>/dev/null | grep -E 'MariaDB-server-11\.' | head -1) if [[ -n "$MARIADB_OLD_10_AL9" ]] && { [[ "$MARIADB_VER_REPO" =~ ^11\. ]] || [[ "$MARIADB_VER_REPO" =~ ^12\. ]]; }; then @@ -357,7 +363,7 @@ EOF rpm -e "$MARIADB_OLD_10_AL9" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-devel 2>/dev/null || dnf install -y mariadb-server mariadb-devel mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -371,7 +377,7 @@ EOF rpm -e "$MARIADB_OLD_11_AL9" --nodeps 2>/dev/null || true dnf install -y --enablerepo=mariadb MariaDB-server MariaDB-devel 2>/dev/null || dnf install -y mariadb-server mariadb-devel mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true systemctl start mariadb 2>/dev/null || true sleep 2 mariadb-upgrade -u root 2>/dev/null || true @@ -383,7 +389,7 @@ EOF fi # Allow local client to connect without SSL mkdir -p /etc/my.cnf.d - printf "[client]\nskip-ssl = true\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true + printf "[client]\nssl=0\nskip-ssl\n" > /etc/my.cnf.d/cyberpanel-client.cnf 2>/dev/null || true # Install additional required packages (omit curl - AlmaLinux 9 has curl-minimal, avoid conflict) dnf install -y wget unzip zip rsync firewalld psmisc git python3 python3-pip python3-devel 2>/dev/null || dnf install -y --allowerasing wget unzip zip rsync firewalld psmisc git python3 python3-pip python3-devel