Unattended Automatic Virtualmin installation

22 posts / 0 new
Last post
#1 Fri, 06/23/2017 - 05:43
gerhard

Unattended Automatic Virtualmin installation

I am using Virtualmin for a while now. I tried to reinstall as well as install another host with Virtualmin. I came across the "Automated Installation" and was very, very excited. I immediately thought of an unattended automatic way to deploy Virtualmin on the server.

Sadly I had to learn that the "Automated Installation" is doing a great job installing and configuring everything ... but not in a fully automated / unattended way.

Now my Question, ...

Is there any plan on providing a way of fully automated non-interactive installation of Virtualmin? That would be great for automation of system setup via puppet/ansible/... and other tools.

I have seen a few command line options in the install.sh but none that avoided all the interactive questions.

Fri, 06/23/2017 - 18:05
Joe
Joe's picture
VIRTUALMIN_NONINTERACTIVE=1 /bin/sh install.sh

I believe the -f command line flag is also supposed to do this, but, looking at the code, I see I may have broken it at some point. There is a new installer being released for Virtualmin 6, which allows more precise control over the installation and can also be used noninteractively. But, the above should do the trick. If it doesn't, it's a bug that should be reported. (Note, however, that your system had better be ready for Virtualmin because it won't be able to do anything about a missing FQDN or other stuff being wrong on the system.)

--

Check out the forum guidelines!

Sun, 07/09/2017 - 12:32
gerhard

Hi,

Yes, the -f option was what I tried. I will try the environment variable as soon as I can and will get back to you. :)

As a Info: I try to automate the setup as much as I can. This includes the automatic installation of Virtualmin. I try to achive this via Ansible. This is why I try to do it unattended.

Sun, 07/09/2017 - 16:06 (Reply to #3)
Joe
Joe's picture

You'll like the new installer once everything is finished. It's designed to be easier to use with config management systems. I'm even planning to make some playbooks for the popular ones, to make it easier.

--

Check out the forum guidelines!

Mon, 07/10/2017 - 01:34
gerhard

That sounds awesome!! :)

Do you have an idea when you will be ready? If it is soon, I will just wait and not bother with the old installer. No pressure!

If you want me to test it, let me know. ;)

Wed, 10/04/2017 - 07:58
andypic

Is there any progress on this, or documentation? Ideally I'd like to pre set all the installation parameters and do an unattended install (using ansible for he rest of the server setup)

Wed, 10/04/2017 - 16:19 (Reply to #6)
Joe
Joe's picture

What specifically were you waiting on progress on? The -f option was fixed probably the same day I responded. ;-)

You can get help for the available options from install.sh by running it with the --help flag.

Usage:  install.sh [options]

  If called without arguments, installs Virtualmin Professional.

  --uninstall|-u - Removes all Virtualmin packages (do not use on a production system)
  --help|-h - This message
  --force|-f - Skip confirmation message
  --hostname|-n - Set fully qualified hostname
  --verbose|-v - Verbose
  --setup|-s - Setup software repositories and exit (no installation or configuration)
  --minimal|-m - Install a smaller subset of packages for low-memory/low-resource systems
  --bundle|-b <name> - Choose bundle to install (LAMP or LEMP, defaults to LAMP)

If you want more precision than the bundles and --minimal flag provide, you'll need to use the --setup flag and install all the deps as part of your Ansible recipe, and then run the relevant virtualmin config-system bits using the --include flag. But, the more off the beaten path you go, the more you'll need to know about how all the pieces work together. I'm happy to answer specific questions about custom installations. But, for general "I want this to automatically install", just choose a bundle and run install.sh and let it do its thing.

Also, make sure you've got a fully qualified domain name on your systems either before running it or set it with the --hostname option! This isn't really optional if you want stuff like mail and DNS to work well when it's done. The force option will bypass the hostname check (and nearly every other check), so it's possible to end up with a broken install if the system isn't ready.

--

Check out the forum guidelines!

Thu, 10/05/2017 - 01:08
andypic

Thanks that's really helpful!

  1. Is there anything else to setup on a newly deployed server except for the FQDN? Last time I did the interactive install which failed - I seem to remember I needed to go back and install MySQL and set a password? I'm basically using anisble to to setup up my server with SSH keys for root access, WITHOUT any root password, and creating an additional sudo user with a password but no ssh login access. I've got a feeling that if I run the installer as root, I'll encounter the same issue - can I set the mysql password in advance, or choose another user?

  2. I want to use the minimal install, and I don't want any mail, spam assassin or dns services at all. Is this what the minimal install will give, or can I set some options with --setup to remove these services?

  3. Do you have any sample ansible roles that I could take a look at?

Appreciate the fast reply!! Love virtualmin!!

install.sh --force --hostname example.com --minimal

Thu, 10/05/2017 - 03:52 (Reply to #8)
Joe
Joe's picture

1.

The postinstall wizard still wants to run after an automated install. I can probably add a mode to the virtualmin config-system command where you can set all the bits you want to set a little more easily. You won't need to install MySQL (or Mariadb, depending on the distribution). But, you will need to let Virtualmin know your MySQL password so it can manage the databases.

You can set the MySQL root password after installation using the virtualmin set-mysql-pass --user root --pass NEWPASS command.

All of the other stuff in the wizard can be done manually...it's not totally obvious how, though, and there isn't currently a command for it. But, now that I'm thinking about it, we can work on that. It's not a big stretch from what virtualmin config-system already does; it's occasionally arbitrary what we ask about in the wizard and what we set by default in the config-system process.

2.

--minimal install does not include spamassassin, ClamAV, AWStats, Webalizer...and maybe a couple of others. It does currently include DNS and the rest of the mail stack (we always need a local Postfix for things like notifications and such, even if we're not hosting any local mail). You can disable those features after the fact, though there is not option during install to disable them.

If you used --setup, you have to choose everything yourself. That mode does one thing: Enables the Virtualmin repositories. Beyond that, you'd need to make a list of packages to install, and you'd need to construct your own prefered list of virtualmin config-system plugins to execute. All of these bits and pieces are open in our github, so you can see what our installer does, and where the dependencies come from.

The dependencies we install come from here (for CentOS; there are metapackages for Ubuntu and Debian):

https://github.com/virtualmin/virtualmin-yum-groups

There's a group for each "type" of install, LAMP, LEMP, LAMP Minimal, LEMP Minimal.

Then the configuration comes from the Virtualmin-Config tool. If you look in this directory, you can see the four install targets (LAMP, LEMP, MiniLAMP, MiniLEMP):

https://github.com/virtualmin/Virtualmin-Config/tree/master/lib/Virtualm...

Each of those has a list of plugins that get run to configure stuff. You can run individual plugins once everything is installed by using the virtualmin config-system command, like this:

# virtualmin config-system --include Apache

This is, for now, the easiest way to build up a fully custom installation that leaves out a bunch of stuff. Though keep in mind that even the other bundles are still a lot less tested than the default LAMP bundle. They're only a couple months old. And, completely new combinations are even less tested.

I probably should have actually called --minimal something else, but I'm not sure what it should be called instead. Everybody seems to have different ideas about what "minimal" means. I wrote a post a few days ago about my philosophy on the minimal mode, and it basically sums up to "Big things can GTFO, we're keeping the small stuff and the stuff we need to do all the usual activities with fewer features." So, you can still run all the services, you just can't scan mail, do log analysis, or have fail2ban. (That post is here, if you're curious: https://www.virtualmin.com/node/53753 )

--

Check out the forum guidelines!

Mon, 10/09/2017 - 03:54
andypic

Thanks for you help on this - getting closer now!

  1. Firstly, the install went smoothly and I decided to use virtualmin disable-feature --mail --dns --ftp --webalizer --all-domains to get rid of some packages instead of installing what I wanted. Perfect!

  2. After install, I can open the web interface in my browser, but I can't log in (using the root user - 'login failed please try again'). Any ideas what this could be? I can log in via SSH without issues.

  3. You say that 'You won't need to install MySQL' - is this because you're assuming mysql is installed already and the virtualmin installer doesn't install mysql? I'm guessing the command virtualmin set-mysql-pass --user root --pass NEWPASS just tells virtualmin the information and doesn't actually setup a mysql user/pass itself?

Thanks!

Mon, 10/09/2017 - 19:11 (Reply to #10)
Joe
Joe's picture

"After install, I can open the web interface in my browser, but I can't log in (using the root user - 'login failed please try again'). Any ideas what this could be? I can log in via SSH without issues."

Check the /var/webmin/miniserv.error log for clues. Webmin has brute force protection, which can kick in if you mistyped the password a few times. It'll be removed after a timeout, something like five or ten minutes.

"You say that 'You won't need to install MySQL' - is this because you're assuming mysql is installed already and the virtualmin installer doesn't install mysql? I'm guessing the command virtualmin set-mysql-pass --user root --pass NEWPASS just tells virtualmin the information and doesn't actually setup a mysql user/pass itself?"

I meant if you use any of the install modes, it'll install MySQL or MariaDB (whatever is the standard on the distro in question). It's in the dependencies for all install modes. If you were using --setup you'd need to install everything you want, including MySQL.

--

Check out the forum guidelines!

Tue, 10/10/2017 - 03:28
andypic

OK making some progress:

  1. Ansible wasn't actually changing the root user password - got that fixed now.

  2. Using the virtualmin set-mysql-pass command throws the error below. It looks like there is the same issue here (https://www.virtualmin.com/node/22440), and the solution is to login to mysql and change the root password there - but that seems to defeat the point of this command if it has to be done manually? I tried to change it after the post-install wizard suggested I set a root password too, but this also throws the same error: "Failed to change administration password : SQL set password for 'root'@'localhost' = password('$$$$$$$') failed : The MySQL server is running with the --skip-grant-tables option so it cannot execute this statement"

Any ideas?

Starting MySQL server with authentication disabled .. .. done Changing the password for user root .. .. password change failed : mysql::execute_sql failed : DBI connect failed : Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2) at ../web-lib-funcs.pl line 1433. Stopping the MySQL server with authentication disabled .. .. shutdown failed : mysqladmin: connect to server at 'localhost' failed error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)' Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists! ERROR: .. shutdown failed : mysqladmin: connect to server at 'localhost' failed error: 'Can't connect to local MySQL server through socket '/var/run/mysqld/mysqld.sock' (2)' Check that mysqld is running and that the socket: '/var/run/mysqld/mysqld.sock' exists!

Wed, 10/11/2017 - 01:33
andypic

OK - I found a work around. Need to stop mysql server, create /var/run/mysqld folder, then run virtualmin set-mysql-pass --user root --pass NEWPASS finally restart the mysql server. Is this a bug in the set-mysql-pass command? One would think it would pause mysql and create the server itself?

Wed, 10/11/2017 - 05:44 (Reply to #13)
Joe
Joe's picture

Are you using the CentOS mariadb package, or are you using a third-party mysql package? (I realize now that may be a source of confusion in this conversation...I use the terms "mysql" to refer to whatever comes with the OS under discussion, because we treat them nearly identically (and everybody else can, too).

But, if you've actually got a third-party MySQL package there, you'll need to configure Webmin in the MySQL module to know where it lives (click the gear in the MySQL module to configure it...once you have all the options right, you'll want to just copy the /etc/webmin/mysql/config as part of your deployment process, assuming you're using the same third-party package everywhere). If you're getting this error with the default mariadb packages, then we have a bug on our end. That command should Just Work, if you have the default mysql/mariadb (mariadb in the case of CentOS 7) package we install.

--

Check out the forum guidelines!

Wed, 10/11/2017 - 07:48 (Reply to #14)
Jfro

I have had some troubles to MARIA DB PASS with several install.sh 's after about end of August. ( fresh installed trying several times till 6-9-2017) don't know wich were working or had download problems ( that time nights sometimes the virtualmin downloads out of the install where not fully functional or got timeouts) or my own failures as newbee) Did some reainstall and also some better working older snapshots.

But for sure then if some others have problems to MARIADB pass there must be a thing, sorry i don't rembember wich order and so on. I ended up in command line mariadb self changing pass en so on.. ;) ( also had to kill manually some)

Fresh installs centos 7.3 VM6 gpl then

Wed, 10/11/2017 - 08:04 (Reply to #15)
Joe
Joe's picture

MariaDB on CentOS 7 has a problem where sometimes setting the password doesn't work the first time. If you back up in the install wizard (immediately go back to the previous screen when you get an error) and do it again, it will work (at least it always does for me). We have not yet been able to figure out why it fails sometimes on the first try.

You shouldn't need to do anything complicated; just go back one step and do it again if you get an error. We're still trying to figure it out. AFAIK this only affects CentOS 7 and MariaDB.

--

Check out the forum guidelines!

Wed, 10/11/2017 - 08:09 (Reply to #16)
Jfro

Yea i tried that but with then other settings things so therefore gone wrong, and thought ok hmm :( .

I didn't tried the same settings and password, i think, mostly when i am sure what i did and error i don't try that exact same thing again without changing things before.

So good to know now. thanks ;)

Wed, 10/11/2017 - 05:48
andypic

I'm using Ubuntu 16.04. No idea what package virtualmin installs in that case, but it seems to be stock mysql, whatever that is.

Wed, 10/11/2017 - 06:41 (Reply to #18)
Joe
Joe's picture

Oh! You revived an old thread. Don't do that. Start a new thread, especially if your system doesn't match the one the topic was started about.

There were some quirks in how Webmin detected the init system on Ubuntu (all versions), as they did a lot of weird stuff in their transition from init->upstart->systemd, so we've been misdetecting the init system on Ubuntu in a variety of ways since some time in the 15.xx release cycle. I don't know if that'd cause misbehavior with MySQL (I'm pretty sure MySQL is what we install there). Can you browse to the MySQL module and see if it knows how to stop/start the server?

--

Check out the forum guidelines!

Wed, 10/11/2017 - 08:41
andypic

Umm the OP didn't mention the OS... I also wasn't clear initially about my OS. What am I looking for in the MySQL module exactly (regarding starting / stopping)? The normal command is just 'service mysql start/stop'

Wed, 10/11/2017 - 09:03 (Reply to #20)
Joe
Joe's picture

Original post was about CentOS (Edit: actually, we don't know what the original distro was! it was yet another comment that identified their distro as CentOS!). It's not a big deal, I was just confused (the database landscape is one of the areas of real difference across the various distributions we support).

I mean does it work? When you start/stop mysql from within (using the buttons) the Webmin MySQL module, does it do what it is supposed to? That's the first step to making sure the configuration Webmin has for the database is correct (it can still be wrong if the config file path is wrong, maybe some other things...I'm working from memory here).

--

Check out the forum guidelines!

Fri, 10/20/2017 - 02:03
andypic

yup - on the system information > server status > MySQL Database Server, starting and stopping works perfectly. Just using the cli : virtualmin set-mysql-pass --user root --pass {{ new_password }} requires manually starting and stopping mysql.

Thanks for your help by the way, I've got this working very well with Ansible now, just the issue above that does not quite work as expected.