Issues with Sugar 13.0 and PHP 8.2 in Vagrant

Hi Robert Thomas,

Are you installing a fresh Sugar13 from our dev builds or is it a backup from your cloud?

There's no need to upgrade your vagrant image as they have what's needed to run (see Development Platforms.).

If you want PHP8.2, go with sugarcrm/php82es84.

Please let me know which build you are using so I can try it on my end and if there's something to be done in the image, I'll fix and update it so you can use.

This is a cloud backup. Also, Rafael, as I stated, I tried sugarcrm/php82es84. The reason for upgrading the images is for a true development environment, it needs to match up with the Live environment. I have a list of commands I have to run on Vagrant images to get them where they need to be for development and testing purposes. So far the images I have used have always been missing SSL and certain php mods that are required to match the live environment. Also, the images are too small to hold a live backup, so I have to also extend the storage for the vagrant image to work. Currently, I have been unable to get 13.0 to work with PHP 8.2.

Hi Robert Thomas,

Interesting, could you share what you change/run, so I can try to incorporate that in the core images going forward?

As for your statement "it needs to match up with the Live environment, not sure if I agree with it, as those images are supposed to match our Development Platforms for a particular release.

For example, upgrading to ES 8.7.1 and/or MySQL 8.0.33, you are running on a non-supported platform, you can do that but at your own risk, we did not certify Sugar on those.

If you find issues with the versions we release, let me know (as you are doing here) and I'll make sure those images get fixed and released.

I will add my scripts to this reply to help you understand what is missing from images. 

Yes, I might have went a version or two beyond what is certified, but that is besides the point when it comes to the issue I am having. If I am developing on more up to date image, I will run into issues for future updates and be able to address them before they can affect Live.

We are getting off track here. So far, 13.0 is not working on sugarcrm/php82es84, which is the suggested vagrant image for 13.0.

#Install VirtualBox and Vagrant
copy Vagrantfile <SUGAR_DIRECTORY>/Vagrantfile
cd <SUGAR_DIRECTORY>
vagrant plugin install vagrant-disksize
vagrant plugin install vagrant-vbguest
vagrant up

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

apt update

#add a new partition /dev/sda2 to add the extra free space
fdisk /dev/sda
pvcreate /dev/sda2
vgextend vagrant-vg /dev/sda2
lvextend -l +100%FREE /dev/vagrant-vg/root
resize2fs /dev/vagrant-vg/root

#enable ssl for apache using self signed certififcate
openssl req -x509 -newkey rsa:2048 -nodes -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt
chown root:ssl-cert /etc/ssl/private/server.key
chmod g+r /etc/ssl/private/server.key

#edit ssl-params.conf with these settings
nano /etc/apache2/conf-available/ssl-params.conf

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Disable preloading HSTS for now.  You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
#CSP policy is too restrictive and causes things not to load so keep commented out.
#Header always set Content-Security-Policy "default-src 'self'; script-src 'self'"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling off
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

a2enmod ssl
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/<Site-Name>.conf

#replace <Site-Name>.conf with these settings
<IfModule mod_ssl.c>
  Listen 8443
  <VirtualHost _default_:8443>
    ServerAdmin youremail.com
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    #SSLCertificateChainFile path-to-intermediate-cert.crt 

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
      SSLOptions +StdEnvVars
    </Directory>
  </VirtualHost>
</IfModule>

#add SSLCertificateFile and SSLCertificateKeyFile to default-ssl.conf

a2enconf ssl-params
a2ensite default-ssl
a2ensite <Site-Name>
apachectl configtest
systemctl restart apache2

#install php_mysql for scheduler to work correctly
apt install php-mysql php-zip php-xml php-bcmath

# up the max RAM to 1G from 512M
nano /etc/php/8.*/apache2/php.ini

#Prepare to extract backup file from Sugar
gunzip *.sugarondemand.com.*ent.*.tar.gz
tar -xf *.sugarondemand.com.*ent.*.tar

#Add DBA user
mysql -u root -p
CREATE USER '[Username]'@'%' IDENTIFIED BY '[Password]';
GRANT ALL PRIVILEGES ON *.* TO '[Username]'@'%' WITH GRANT OPTION;

#Import database
mysqladmin -u root -p create sugarcrmdev

mysql -u root sugarcrmdev -p
CREATE USER 'sugarcrmdev'@'localhost' IDENTIFIED BY '[Password]';
GRANT ALL PRIVILEGES ON sugarcrmdev.* TO 'sugarcrmdev'@'localhost';

mysql -u root sugarcrmdev -p < *.sugarondemand.com.*ent.*/sugar*ent.sql
#Import database triggers
mysql -u root sugarcrmdev -p < *.sugarondemand.com.*ent.*/sugar*ent_triggers.sql

#Move all the site files into Apache
#mkdir /var/www/html/sugarcrmdev
cp -Rf *.sugarondemand.com.*ent.*/sugar*ent/* /var/www/html/sugar

#change admin password
mysql -u root sugarcrmdev -p 
UPDATE users SET user_hash = '$2y$10$ua6PicOvqyYMKgOR6gzFcub.Z5s40j6moWRH4oaO.Ef667lz.nb0m', status = 'Active' WHERE user_name = 'admin';
#log into that admin account using the password "Password123"

#make sure php versions match between Apache and system.
update-alternatives --config php

#recreate all indices for Elasticsearch to work
bin/sugarcrm search:silent_reindex_mp --clearData

#setup cron job for scheduler to run
crontab -e 
*    *    *    *    *     cd /var/www/html/sugar; /usr/bin/php -f cron.php > /dev/null 2>&1

#turn on Activity Stream Purge and Prune Database on 1st of Month jobs in Scheduler

#Go into the DB and switch all the HINT jobs in the scheduler table to Inactive to reduce junk log entries

I will add my scripts to this reply to help you understand what is missing from images. 

Yes, I might have went a version or two beyond what is certified, but that is besides the point when it comes to the issue I am having. If I am developing on more up to date image, I will run into issues for future updates and be able to address them before they can affect Live.

We are getting off track here. So far, 13.0 is not working on sugarcrm/php82es84, which is the suggested vagrant image for 13.0.

#Install VirtualBox and Vagrant
copy Vagrantfile <SUGAR_DIRECTORY>/Vagrantfile
cd <SUGAR_DIRECTORY>
vagrant plugin install vagrant-disksize
vagrant plugin install vagrant-vbguest
vagrant up

wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | sudo gpg --dearmor -o /usr/share/keyrings/elasticsearch-keyring.gpg

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/7.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-7.x.list

echo "deb [signed-by=/usr/share/keyrings/elasticsearch-keyring.gpg] https://artifacts.elastic.co/packages/8.x/apt stable main" | sudo tee /etc/apt/sources.list.d/elastic-8.x.list

apt update

#add a new partition /dev/sda2 to add the extra free space
fdisk /dev/sda
pvcreate /dev/sda2
vgextend vagrant-vg /dev/sda2
lvextend -l +100%FREE /dev/vagrant-vg/root
resize2fs /dev/vagrant-vg/root

#enable ssl for apache using self signed certififcate
openssl req -x509 -newkey rsa:2048 -nodes -keyout /etc/ssl/private/server.key -out /etc/ssl/certs/server.crt
chown root:ssl-cert /etc/ssl/private/server.key
chmod g+r /etc/ssl/private/server.key

#edit ssl-params.conf with these settings
nano /etc/apache2/conf-available/ssl-params.conf

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLHonorCipherOrder On
# Disable preloading HSTS for now.  You can use the commented out header line that includes
# the "preload" directive if you understand the implications.
# Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
#CSP policy is too restrictive and causes things not to load so keep commented out.
#Header always set Content-Security-Policy "default-src 'self'; script-src 'self'"
Header always set X-Content-Type-Options nosniff
Header always set X-XSS-Protection "1; mode=block"
# Requires Apache >= 2.4
SSLCompression off
SSLUseStapling off
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
# Requires Apache >= 2.4.11
SSLSessionTickets Off

a2enmod ssl
cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/<Site-Name>.conf

#replace <Site-Name>.conf with these settings
<IfModule mod_ssl.c>
  Listen 8443
  <VirtualHost _default_:8443>
    ServerAdmin youremail.com
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on

    SSLCertificateFile /etc/ssl/certs/server.crt
    SSLCertificateKeyFile /etc/ssl/private/server.key
    #SSLCertificateChainFile path-to-intermediate-cert.crt 

    <FilesMatch "\.(cgi|shtml|phtml|php)$">
      SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory /usr/lib/cgi-bin>
      SSLOptions +StdEnvVars
    </Directory>
  </VirtualHost>
</IfModule>

#add SSLCertificateFile and SSLCertificateKeyFile to default-ssl.conf

a2enconf ssl-params
a2ensite default-ssl
a2ensite <Site-Name>
apachectl configtest
systemctl restart apache2

#install php_mysql for scheduler to work correctly
apt install php-mysql php-zip php-xml php-bcmath

# up the max RAM to 1G from 512M
nano /etc/php/8.*/apache2/php.ini

#Prepare to extract backup file from Sugar
gunzip *.sugarondemand.com.*ent.*.tar.gz
tar -xf *.sugarondemand.com.*ent.*.tar

#Add DBA user
mysql -u root -p
CREATE USER '[Username]'@'%' IDENTIFIED BY '[Password]';
GRANT ALL PRIVILEGES ON *.* TO '[Username]'@'%' WITH GRANT OPTION;

#Import database
mysqladmin -u root -p create sugarcrmdev

mysql -u root sugarcrmdev -p
CREATE USER 'sugarcrmdev'@'localhost' IDENTIFIED BY '[Password]';
GRANT ALL PRIVILEGES ON sugarcrmdev.* TO 'sugarcrmdev'@'localhost';

mysql -u root sugarcrmdev -p < *.sugarondemand.com.*ent.*/sugar*ent.sql
#Import database triggers
mysql -u root sugarcrmdev -p < *.sugarondemand.com.*ent.*/sugar*ent_triggers.sql

#Move all the site files into Apache
#mkdir /var/www/html/sugarcrmdev
cp -Rf *.sugarondemand.com.*ent.*/sugar*ent/* /var/www/html/sugar

#change admin password
mysql -u root sugarcrmdev -p 
UPDATE users SET user_hash = '$2y$10$ua6PicOvqyYMKgOR6gzFcub.Z5s40j6moWRH4oaO.Ef667lz.nb0m', status = 'Active' WHERE user_name = 'admin';
#log into that admin account using the password "Password123"

#make sure php versions match between Apache and system.
update-alternatives --config php

#recreate all indices for Elasticsearch to work
bin/sugarcrm search:silent_reindex_mp --clearData

#setup cron job for scheduler to run
crontab -e 
*    *    *    *    *     cd /var/www/html/sugar; /usr/bin/php -f cron.php > /dev/null 2>&1

#turn on Activity Stream Purge and Prune Database on 1st of Month jobs in Scheduler

#Go into the DB and switch all the HINT jobs in the scheduler table to Inactive to reduce junk log entries

Well it seems this is a major problem, since this has turned into the most viewed thread.

Hi Robert Thomas,

yeah it is a problem and I'm fixing it, most of the ubuntu packages in that image weren't installed correctly back when I built it.

I'm working on a new version, and will let you and all know, when I'm done.