Tim Heger's picture

I am looking to configure ProcessMaker on the LAMP appliance however it doesn't work with PHP 5.3.  How do I downgrade to 5.2?  Sorry if this is a newbie question - I don't want to mess up the appliance and all the nice features TKL has configured.

Thanks!

Tim

Forum: 
Liraz Siri's picture

I recommend you try using a legacy version of TurnKey LAMP. The 2009.10-2 version has PHP 5.2.4 I think. Actually downgrading the 11.1 version to PHP 5.2 could be more difficult than you imagine. One way would be to install PHP 5.2 from source and then reconfiguring Apache to use that.

Jeremy Davis's picture

Then I would suggest that you spend a bit of time with google (remember TKL v11.x is based on Ubuntu 10.04) and you will find plenty of tutorials about.

But as Liraz suggests I'm sure you will find plenty of gottchas and I certainly wouldn't recommend that approach for any mission critical work or even general production.

Even if you can get it to all work, the likelihood of something breaking at some point in the future are higher than you'd want for anything that's important. Also depending on how you install it, you'll possibly need to manually upgrade it every time a security vulnerability is discovered and fixed.

OTOH if you go with the TKL Legacy version (v2009.x) then you'll have older versions of stuff (which some consider bad) but the desired PHP version and you will still get security updates (from Cannonical until 2013, not sure of TKL future support for their legacy mini repo).

Tim Heger's picture

Found out today that ProcessMaker will be supporting PHP 5.3 on March 1 - so no need to try to mess with TKL LAMP... phew!


Jeremy Davis's picture

Currently these forums are English only. Please repost in English...

Alon Swartz's picture

Sourceforge (who graciously host our images) requested we delete old images due to the massive amount of storage the appliances consume on their mirrored network.

But, most legacy versions of TurnKey Core are still available for download, so you could get 2009.10-2 and customize it yourself.

Another option would be to deploy to Amazon EC2 via the TurnKey Hub (on the launch page click on the "legacy images" link.

If you need turnkey-X 2009.10-2 locally, I have an (untested) idea you might want to try. Do not do this on a production system without testing first!

  • Download turnkey-core 2009.10-2 and install locally.
  • Launch your desired turnkey legacy image via the Hub, initialize TKLBAM and perform a backup.
  • On your local installation, do a tklbam-restore of the legacy image running on EC2.
Jeremy Davis's picture

AFAIK only the Core appliance is still available (except perhaps via AWS - but not as a download).

Jeremy Davis's picture

No you won't find anything that old here sorry. 

In fact I wouldn't imagine that there are to many php5.2.x installs kicking about these days!? You could build an Ubuntu Hardy/8.04 LAMP server but I imagine that you'd need to build from scratch (although there's probably still plenty of old tutorials for that about online). But you only have about 3mths of support left so I wouldn't waste any time setting it up (because you soon won't be able to - That was released nearly 5yrs ago and 5yrs is the limit of security support - late April to be precise). And I don't know of any other distros that still run it....

Jeremy Davis's picture

And it blows my mind... I guess it probably shouldn't considering that IE6 lived way past it's useby date (and apparently actually increased it's marketshare last month!!)

I guess if you're making plugins then you don't want to exclude a significant proportion of your potential userbase.

Glad you've got it sorted, and really it's not hard to setup a vanilla Ubuntu (8.04/Hardy) LAMP stack. IIRC it is an option during install (although it's been a long time since I used vanilla Ubuntu server - and even longer since I played with vanilla Hardy).

Good luck with it all! :)

Nate's picture

curious if you found a solution to this using the hub? I'm in neeed of php 5.2 too!

Nate's picture

I need it for vtiger 5.1. I'm trying to migrate a 5.1 vtiger application that is customized to the hub, so I can't just upgrade vtiger 5.1 to 5.4. it without much much work. Thing is you can't run vtiger 5.1 using php 5.3, vtiger 5.1 will only run on php 5.2. So when I get code moved over and the databse in place it wont run. I researched it and verified it was php 5.3 . Vtiger 5.1 has no support for 5.3 and it breaks it with the white screen of death on any save. It almost works....

I launched both the new and legacy vtiger appliances. The legacy hub vtiger php isn't onld enough its PHP Version 5.3.2-1ubuntu4.18 .

So i'm in a bit of trouble.. and stuck.

Jeremy Davis's picture

Like I said above, it's not that hard to build it yourself.

It goes soemthing like this:

1) Download and install Ubuntu 8.04/Hardy (I'd suggest the x86 server ISO) from http://releases.ubuntu.com/8.04/

2) If you don't already have a Virtual Environment installed, I'd use VirtualBox - download for your host OS at https://www.virtualbox.org/wiki/Downloads (otherwise use whatever you have).

3) Install Ubuntu Hardy from ISO into a VM

4) Once installed and running install LAMP like this:

apt-get update && apt-get install apache2 mysql-server php5 php5-mysql

That should get you a bare bones LAMP stack up and running. Pretty easy huh!? But as per usual, the devil is in the details... You may need to do additional tweaks to get vTiger working but I imagine that old vTiger config info should be available (perhaps on a wiki and/or forum on their site? Perhaps somewhere else online?).

Also google is a great source of Linux info (arguably the best IMO). You can find out how to do almost anything Linux with google! If you get stuck feel free to post back, but please include as much info as possible about what you have done, where you got to and the exact wording of any errors you are having.

Good luck! :)

Nate's picture

Thanks you both for all your feedback. Much appreciated. I think http://virtualappliance.manthys.it/mva/lamp/default-en.htm would meet my needs jsut fine.

But how do I get a local vm up to Amazon / turnkey hub? If you could point me in the right direction..

Thanks!

 

Nate's picture

So I was thinking I could take the appliance Mike recommended (http://virtualappliance.manthys.it/mva/lamp/default-en.htm) (turnkey-lamp-2009.10-hardy-x86)

(which is exaclty what I needed) install tklbam on it, back it up, and then deploy the backup to the amazon cloud.

I installed it using the info here: http://www.turnkeylinux.org/blog/announcing-tklbam

backed it up, restored the backup to a new cloud server.  and that worked. But when when I loged into it. Its running lamp-12.0-squeeze-x86 and php 5.3. That sucks. I was expecting that to be running turnkey-lamp-2009.10-hardy-x86 .

If a backup redeployed into the cloud always has the newest stack I could see that making it really difficult and breaking all sorts of applications running on the servers. So how does that work in real life for people?

So I'm wondering just for my "newb" understanding why that is?

I guess I'll be trying to use the aws import tool next. But that's a bummer becasue I was wanting to use the hub and tklbam wiht it. 

If you have any ideas or can explain that to me,  let me know please. thanks!

 

Jeremy Davis's picture

It is a 'smart' backup which only includes data.

It was designed with Migration (the 'M' in TKLBAM) between TKL versions as part of it's usage scenario. If you go from one version of TKL to the next many of the appliances 'just work'. Some require some tweaking and adjustment (because of the difference between software versions).

Bottom line is that you are not going to be able to get this to run within the Hub easily. Having said that I'm sure you could spend a heap of time and energy researchng and hacking something together that may work in the Hub, but it's going to be some sort of Frankenstein server that I would not trust to be stable and reliable.

You could use something like this. But I would seriously recommend against it.

IMO you're going about this the wrong way. Personally I'd be putting the effort you're exerting into updating your data to work with the current TKL appliance (vTiger v5.4).

If you look at this you will see that as of late 2012, there are 8 known security vulnerabilities that affect vTiger v5.1 and as I said previously in this thread, security support for Ubuntu Hardy (what you'll need to use to get PHP v5.2) also ends in a few months (so no more security updates for any part of the OS post April). So not only will you be running a vunerable version of vTiger but you'll be doing it on a server with potentially vunerable versions of Apache, MySQL, PHP, SSH and I'd hate to think what else... IMO running something like that is asking for trouble.

If it were just a hobby site, then perhaps you could handle that risk. But assuming that you have customer's personal details stored in vTiger, the risk is just far too great IMO. Not only is it a risk that your server will get hijacked for malware distribution or similar, it is also a huge risk that your customers data might get stolen (potential for identity theft, etc?) Not a good business move at all... In fact I'd be inclined to go as far as suggesting that it is even irresponsible.

IMO the only safe way to run what you are trying to do is within a closed network (ie running within a LAN with external access by trusted people via VPC only).

I think Mike's need for php v5.2 (above) is a legitimate use case. However I hate to say it but I don't think your's is. I cannot suggest strongly enough that you bite the bullet and upgrade your data to work in a more recent appliance...

The only other thing to do IMO would be to compile PHP v5.2 yourself (on top of TKL v12). At least then the majority of the OS would be secure and stable. You'd only leave vTiger and PHP as attack vectors (so at least make it a smaller target). But again the work involved is too high IMO to create (and then support) old software - time/money would be better spent upgrading your data and mods to work with v5.4...

Nate's picture

 

you are so right, LOL. Up grading that vtiger build will be a hard long brutal process. I was hoping to postpone that for another day. But that may be what has to get done inevitably.

So let me ask you something: Say I took the compile PHP v5.2 yourself approach you think I could just lock vtiger down with directory security using  .htaccess and password security? What would be your opinion on that approach to minimize the php/vtiger vulnerabilities?

And if I did the compile on PHP v5.2 for TKL v12 do you think it would break anything in webadmin or the like in TKL v12?

I totally appreciate the feedback and the time you took writing that. It's solid advice, thanks again.

Jeremy Davis's picture

Although sometimes it's probably a bit more than 2c worth! :)

If you are planning to run this on the open internet then it definately needs doing at some point! And my feeling is why bother wasting the effort to get your current version running on the net, when you'll still need to upgrade vTiger at some point. But more about that below...

I'm no security expert, in fact I don't consider myself an IT or Linux expert at all. But I have been playing with this stuff for a few years now and have had websites compromised (I've had malware implanted on a site I ran, had a website hijacked and redirected to some dodgey pr0n site and had emails and passwords harvested for distribution of spam - although all that was before TKL) and it's not a nice feeling. It certainly doesn't engender trust with your customers either and I imagine could destroy a small business if you got negative publicity about it.

So IMO when you are dealing with customers and/or customer's data, the more you can lock down your appliance the better (even when using TKL off the shelf). And the smaller you can make the attack vectors the better! But you also need to consider usability, costs involved (both real and potential, in doing something and doing nothing). I'm sure that google will help you find plenty of info in locking down Apache, MySQL, PHP etc and if you find anything particularly great, feel free to post it and/or include it in the docs (they're a community editable wiki).

Downgrading PHP

Running PHP 5.2 itself alongside the existing PHP 5.3 shouldn't pose a huge issue if you compile from source, but I recommend testing on a disposable VM first. However I suspect that you will need to also compile any other modules as well (although who knows... perhaps some of the 5.3 modules will still work with 5.2?) A quick google turned up this tutorial which should get you started. Here is another tutorial that talks about installing all 3 versions of PHP (5.3, 5.3 & 5.4) alongside one another.

OTOH perhaps an eaiser way to install 5.2 would be to install from pre-build debs, as suggested in this tutorial. But because of naming (packages are named simply php5...) I suspect that you will need to purge the existing PHP version first (and not sure what effect that may have on other components of TKL). This tutorial may also be useful, however it is somewhat outdated (it uses the old Debian Lenny repos which AFAIK are no longer available - you'll need to use the dotdeb repos as discussed in the other tutorial). 

Please not I am not necessarily endorsing any of the tutorial links I've provided. I just found them with google and had a quick scan over them to pick obvious potential issues.

Migrating vTiger 5.1 -> 5.4

TBH though I still think that migration from vTiger 5.1 -> 5.4 would be time better spent. Then you will be able to leverage TKLBAM better... Having a quick look via google it doesn't seem that big a deal (although obviously I don't know what customisations you have made). There is a page discussing it on the vTiger wiki as well as a note that 5.4 includes a migration wizard (which apparently supports v5.1 - see the release announcement here).

To do that I would use the VM linked to above, install vTiger 5.1 (I'd install it to /var/www/vtiget51) and get it all running nicely. Then install 5.4 as well (I'd install to /var/www/vtiger) and migrate to it - using links above). Once you have that all working nicely, install TKLBAM (if you haven't already) and do a backup. Iinitially I'd try forcing it to use the vTiger profile (using the --force-profile switch - hence why installing 5.4 to /var/www/vtiger, that's where it's installed on the TKL v12 vTiger appliance). Hopefully you'll be all good to go then! :)

If you would like to further discuss vTiger migration I'm happy to help where I can, but I'd like to suggest that you should start a new thread (do a final post linking to the new thread and at the start of the new thread link back here for reference).

Regardless, good luck with it and I'd be interested to hear how you go with it all. :)

Add new comment