[rt-users] RT with RHEL4

Michael T. Halligan michael at halligan.org
Tue Jun 7 15:47:20 EDT 2005


Well, I've made some progress (mainly, more proof that RedHat sucks).

My main problem that I"m running into is this error :

Couldn't untar 
/root/.cpan/sources/authors/id/M/MS/MSCHWERN/Test-Inline-0.16.tar

that happens when I run : perl sbin/rt-test-dependencies --with-mysql 
--with-fastcgi --install

Does anybody have an idea what's happening here? It happens on every 
module, and apparently
request tracker needs about 80 modules to work.

Is there not a better way (besides switching to debian)


Phil Lawrence wrote:

> Michael T. Halligan wrote:
>
>> Has anybody had any luck with RHEL4 & RT? 
>
>
> You bet.  Easy as pie.  Here's my install notes, heavily based on the 
> wiki:
> Installing RT on RHEL 4 with FastCGI and MySQL:
>
> RHEL4 INSTALL
> Boot from RHEL4 CD 1
>
> When partitioning, click "Configure advanced boot loader options"
> add vga=773 (or whatever) to kernal parms
>
> Firewall on, allow SSH, HTTP & HTTPS, SMTP
> SELINUX=disabled
>
> Customize software packages to be installed
> Pick "minimal" set of packages
>
> reboot
>
> SETUP up2date
> # rpm --import /usr/share/rhn/RPM-GPG-KEY
>
> upgrade all (you'll be prompted to accept rhndefault
>  settings, and for your rhn user info)
> # up2date -u
>
> add needed stuff
> # up2date         \
>   httpd-devel     \
>   mod_ssl         \
>   mysql           \
>   mysqlclient10   \
>   mysql-server    \
>   mysql-devel     \
>   gcc             \
>   system-switch-mail \
>   postfix
>
> add stuff I like
> # up2date         \
>   screen          \
>   rcs             \
>   vim-enhanced
>
> Now we switch from Sendmail to Postscript
> # system-switch-mail
>
> start screen (if you like)
> # screen
>
> Install FastCGI...
> # cd /usr/local/src
> # wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz
> # gunzip mod_fastcgi-2.4.2.tar.gz
> # tar -xvf mod_fastcgi-2.4.2.tar
> # cd mod_fastcgi-2.4.2
> # cp Makefile.AP2 Makefile
> # edit Makefile:
>     ###Modify for location of apache 2 installation:
>     top_dir      = /etc/httpd
> # make
> # make install
>
> FastCGI wants to have a place to put its logs, and permission to do so:
> # mkdir /etc/httpd/logs/fastcgi
> # mkdir /etc/httpd/logs/fastcgi/dynamic
> # chown apache:apache /etc/httpd/logs/fastcgi
> # chown apache:apache /etc/httpd/logs/fastcgi/dynamic
>
> Do initial configure for apache
> # cd /etc/httpd/conf
> # ci -l httpd.conf
> # vim httpd.conf
> # rcsdiff httpd.conf
> ===================================================================
> RCS file: httpd.conf,v
> retrieving revision 1.1
> diff -r1.1 httpd.conf
> 189a190
> > LoadModule fastcgi_module modules/mod_fastcgi.so
>
> Start apache
> # service httpd start
>
> Check Apache logs to make sure fastcgi started
>   - Should see no lines with [error] referencing FastCGI
>   - Should see one line indicating a [notice] and the pid of FastCGI
>      [notice] FastCGI: process manager initialized (pid 3478)
> # cat /var/log/httpd/error_log
>
> If it worked...
> # ci -u /etc/httpd/conf/httpd.conf
>
> NOTE:  always check the group ownership and permissions of files after 
> you perform rcs operations on them...  I think your effective ID can 
> screw things up, and then you've got to chgrp or whatever.
>
> Set apache and mysql to start automatically
> # chkconfig httpd on
> # chkconfig mysqld on
>
> Turn on MySQL server, set MySQL root password...
> # service mysqld start
> # mysqladmin -u root password some_new_password
>
>
> Do initial CPAN setup
> # cd
> # perl -MCPAN -e shell
>
> Policy on building prerequisites (follow, ask or ignore)? [ask] follow
>
> cpan> install Bundle::CPAN
> cpan> quit
>
> RT Pre-Install...
> RT requires its own group, so let's add it now lest we forget:
> # groupadd rt
>
> RT gets initiated by apache, so add apache to the rt group:
> # vim /etc/group
> # grep ^rt /etc/group
> rt:x:500:apache
>
> Confirm selinux is disabled
> # grep ^SELINUX= /etc/selinux/config
> SELINUX=disabled
>
> Change permissions on /etc/httpd/logs from within
> $ cd /etc/httpd/logs
> $ chmod 755 .
>
> Install latest RT
> # cd /usr/local/src
> # wget http://download.bestpractical.com/pub/rt/release/rt-3.4.2.tar.gz
> # gunzip rt.tar.gz
> # tar -xvf rt.tar
> # cd rt-3.4.2/
>
> Set up the makefile for us with the proper settings:
> # ./configure \
>     --with-web-user=apache \
>     --with-web-group=apache \
>     --with-mysql \
>     --with-fastcgi
>
> Show us what's missing and what's not:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose
>
> Try to install what's missing for us through CPAN:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
>
> Test again and only show us the MISSING items this time:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
>   | grep MISSING
>
> MIME::Entity won't install without MIME::Base64, so install that first
> # perl -MCPAN -e 'install MIME::Base64'
>
> Now install MIME::Entity:
> # perl -MCPAN -e 'install MIME::Entity'
>
> Try to install anything else missing for us:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
>
> Test again and make sure nothing is MISSING:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
>   | grep MISSING
>
> NOTE: I chose to skip running the Apache test suite to
>  simplify things.  YMMV.
>
> Assuming everything is present and it's a go, install and intialize 
> database...
> # make install
>
> Make a copy of the dist config file to edit:
> # cp /opt/rt3/etc/RT_Config.pm /opt/rt3/etc/RT_SiteConfig.pm
>
> Edit your RT config file for your purposes:
> # cd /opt/rt3/etc
> # ci -l RT_SiteConfig.pm
> # vim RT_SiteConfig.pm
> # rcsdiff RT_SiteConfig.pm
> ===================================================================
> RCS file: RT_SiteConfig.pm,v
> retrieving revision 1.1
> diff -r1.1 RT_SiteConfig.pm
> 27c27
> < Set($rtname , "example.com");
> ---
> > Set($rtname , "rt");
> 33c33
> < Set($Organization , "example.com");
> ---
> > Set($Organization , "foo.edu");
> 66c66
> < Set($DatabasePassword , 'rt_pass');
> ---
> > Set($DatabasePassword , 'foo');
> 122c122
> < Set($ParseNewMessageForTicketCcs , undef);
> ---
> > Set($ParseNewMessageForTicketCcs , 1);
> 127c127
> < Set($RTAddressRegexp , '^rt\@example.com$');
> ---
> > Set($RTAddressRegexp , '(?i)rt\.bar\.Foo\.EDU$');
> 215c215
> < Set($UseFriendlyToLine , 0);
> ---
> > Set($UseFriendlyToLine , 1);
> 274c274
> < Set($WebPath , "");
> ---
> > Set($WebPath , "/rt");
> 279c279
> < Set($WebBaseURL , "http://RT::WebBaseURL.not.configured:80");
> ---
> > Set($WebBaseURL , "http://rt.bar.foo.edu:80");
> 303c303
> < Set($MessageBoxWrap, "HARD");
> ---
> > Set($MessageBoxWrap, "SOFT");
>
> Initialize Database
> # cd /usr/local/src/rt-3.4.2
> # make initialize-database
>
> Now edit your Apache config file some more:
> # cd /etc/httpd/conf
> # co -l httpd.conf
> # vim httpd.conf
> # rcsdiff httpd.conf
> ===================================================================
> RCS file: httpd.conf,v
> retrieving revision 1.2
> diff -r1.2 httpd.conf
> 1023a1024,1040
> >
> > NameVirtualHost *:80
> > <VirtualHost *:80>
> >   ServerAdmin root
> >   DocumentRoot /var/www/html/
> >   # Adding the following for RT (the ticket tracker)
> >   AddHandler fastcgi-script fcgi
> >   <Directory "/opt/rt3/share/html">
> >     Options FollowSymLinks ExecCGI
> >     AllowOverride None
> >   </Directory>
> >   # Pass through requests to display images
> >   Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
> > </VirtualHost>
> > FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
> > ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi
> >
>
> Restart Apache and test:
> # service httpd restart
>
> Assuming it works:
> # ci -u /opt/rt3/etc/RT_SiteConfig.pm
> # ci -u /etc/httpd/conf/httpd.conf
>
> Set up SSL cert
> # cd /etc/httpd/conf
> # openssl genrsa                    \
>    -des3                            \
>    -out ssl.key/rt.bar.foo.edu.key  \
>    1024
> Note the password you used for this key!
>
> # openssl req  \
>    -new                             \
>    -key ssl.key/rt.bar.foo.edu.key  \
>    -out ssl.csr/rt.bar.foo.edu.csr
>
> Self-sign
> # openssl x509  \
>    -req                                 \
>    -in       ssl.csr/rt.bar.foo.edu.csr \
>    -signkey  ssl.key/rt.bar.foo.edu.key \
>    -out      ssl.crt/rt.bar.foo.edu.crt
>
> Edit ssl.conf...
> # cd /etc/httpd/conf.d
> # ci -l ssl.conf
> # vim ssl.conf
>
> Here's the skinny
> # grep -v ^# ssl.conf | grep -v ^$
> LoadModule ssl_module modules/mod_ssl.so
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl    .crl
> SSLPassPhraseDialog  builtin
> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout  300
> SSLMutex default
> SSLRandomSeed startup file:/dev/urandom  256
> SSLRandomSeed connect builtin
> SSLCryptoDevice builtin
> <VirtualHost _default_:443>
> DocumentRoot "/opt/rt3/share/html"
> ServerName rt.bar.foo.edu:443
> ErrorLog /var/log/httpd/rt.bar.foo.edu_error
> CustomLog /var/log/httpd/rt.bar.foo.edu-access_log common
> LogLevel warn
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.bar.foo.edu.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.bar.foo.edu.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>     SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
>     SSLOptions +StdEnvVars
> </Directory>
> <Directory "/opt/rt3/share/html">
>     SSLOptions +StdEnvVars
>     Options FollowSymLinks ExecCGI
>     AllowOverride None
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
>          nokeepalive ssl-unclean-shutdown \
>          downgrade-1.0 force-response-1.0
> CustomLog logs/ssl_request_log \
>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> Alias /NoAuth/images/   /opt/rt3/share/html/NoAuth/images/
> AddHandler fastcgi-script fcgi
> ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
> <Location />
>         AddDefaultCharset UTF-8
> </Location>
> </VirtualHost>
>
>
> # cd /etc/httpd/conf
> # co -l httpd.conf
> # vim httpd.conf
> # tail -n 7 httpd.conf
> FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
> NameVirtualHost *:80
> <VirtualHost *:80>
>   RewriteEngine on
>   RewriteCond %{SERVER_PORT} ^80$
>   RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
> </VirtualHost>
>
> Modify RT config to now serve out of root dir
> # cd /opt/rt3/etc/
> # vim RT_SiteConfig.pm
> # rcsdiff RT_SiteConfig.pm
> ===================================================================
> RCS file: RT_SiteConfig.pm,v
> retrieving revision 1.2
> diff -r1.2 RT_SiteConfig.pm
> 274c274
> < Set($WebPath , "/rt");
> ---
> > Set($WebPath , "");
>
>
> Makes sure your firewall is ready for HTTPS
> # iptables -L
> # system-config-securitylevel-tui
>
> test it out (you'll be prompted for your .key file passphrase)
> # service httpd restart
>
> Assuming it all worked
> # ci -u /etc/httpd/conf.d/ssl.conf
> # ci -u /etc/httpd/conf/httpd.conf
> # ci -u /opt/rt3/etc/RT_SiteConfig.pm
>
> MAIL SETUP
> edit config files
> # cd /etc/postfix
> # ci -l main.cf
> # vim main.cf
> # rcsdiff main.cf
> ===================================================================
> RCS file: main.cf,v
> retrieving revision 1.1
> diff -r1.1 main.cf
> 106c106
> < #inet_interfaces = all
> ---
> > inet_interfaces = all
> 109c109
> < inet_interfaces = localhost
> ---
> > #inet_interfaces = localhost
> 200c200,201
> < #local_recipient_maps =
> ---
> > local_recipient_maps =
> > virtual_alias_maps = hash:/etc/mail/virtusertable
> 437c438
> < #mailbox_command = /some/where/procmail
> ---
> > mailbox_command = /usr/bin/procmail
>
> # cd /etc/mail
> # ci -l virtusertable
> # vim virtusertable
> # cat virtusertable
> postmaster at rt.bar.foo.edu postmaster
> @rt.bar.foo.edu rt_dispatcher
>
> # ci -l local-host-names
> # vim local-host-names
> # cat local-host-names
> # rcsdiff local-host-names
> ===================================================================
> RCS file: local-host-names,v
> retrieving revision 1.1
> diff -r1.1 local-host-names
> 1a2
> > rt.BAR.Foo.EDU
>
> rt-mailgate will be talking with RT over HTTPS, so we need Crypt::SSLeay
> # up2date perl-Crypt-SSLeay
>
> per http://www.geert.triple-it.nl/node/rt_procmail.html...
> Create an account which is to gather all RT-mail.
> # useradd rt_dispatcher -G rt
>
> Create utility perl scripts and the .procmailrc
> # su - rt_dispatcher
> $ vim get_action.pl
> $ cat get_action.pl
> #!/usr/bin/env perl
>
> @arr = <STDIN>;
> $action = "correspond";
> foreach (@arr) {
>         if (/\s*.*<([^@]+)-comment at .*>/g) {
>                 $action = "comment";
>         } else {
>                 if (/\s*([^@]+)-comment at .*/g) {
>                         $action = "comment";
>                 }
>         }
> }
> print "$action";
> $ chmod 700 get_action.pl
> $ ci -u get_action.pl
>
> $ vim get_queue.pl
> $ cat get_queue.pl
> #!/usr/bin/env perl
>
> @arr = <STDIN>;
> $queue = 'general';
> foreach (@arr) {
>         if (/\s*.*<([^@]+)@.*>/g) {
>                 $queue = $1;
>                 } else {
>                         if (/\s*([^@]+)@.*/g) {
>                                 $queue= $1;
>                         }
>                 }
>         }
> if ($queue =~ /(.*)-comment/)
> {
>         $queue = $1;
> }
> print "$queue";
> $ chmod 700 get_queue.pl
> $ ci -u get_queue.pl
>
> $ vim .procmailrc
> $ cat .procmailrc
> #Preliminaries
> SHELL=/bin/bash
> MAILDIR=${HOME}
> LOGFILE=${MAILDIR}/procmail.log
> LOG="--- Logging ${LOGFILE} for ${LOGNAME}, "
> VERBOSE=yes
> MAILDOMAIN=rt.bar.foo.edu
> RT_MAILGATE="/opt/rt3/bin/rt-mailgate"
> RT_URL="https://rt.bar.foo.edu"
>
> LOGABSTRACT=all
>
>
> :0
> {
> # the following line extracts the recipient from Received-headers.
> # Simply using the To: does not work, as tickets are often created
> # by sending a CC/BCC to RT
> TO=`formail -c -xReceived: |grep $MAILDOMAIN |sed -e 's/.*for 
> *<*\(.*\)>* *;.*$/\1/'`
> QUEUE=`echo $TO| $HOME/get_queue.pl`
> ACTION=`echo $TO| $HOME/get_action.pl`
> :0 Wa
> | $RT_MAILGATE --queue $QUEUE --action $ACTION --url $RT_URL
> }
> $ chmod 600 .procmailrc
> $ ci -u .procmailrc
> $ exit
>
> # service postfix restart
> # postmap hash:/etc/mail/virtusertable
>
> Now, using a web browser, log into RT as root (pass: password) and:
>  - CHANGE the password!
>  - create a test queue, e.g.
>     Queue Name:       test_queue
>     Description:      Queue for Testing
>     Reply Address:    test_queue
>     Comment Address:  test_queue-comment
>  - create a test user with an email address that you control
>  - Create group 'FOO Staff'
>  - Configuration | Global | Group Rights
>     Everyone:
>         CreateTicket
>         ModifySelf
>         ReplyToTicket
>         SeeQueue
>                
>     Requestor:
>         ShowTicket
>     FOO Staff:
>         AssignCustomFields
>         CommentOnTicket
>         CreateSavedSearch
>         DeleteTicket
>         EditSavedSearches
>         LoadSavedSearch
>         ModifyCustomField
>         ModifyTicket
>         OwnTicket
>         ReplyToTicket
>         SeeCustomField
>         SeeGroup
>         ShowOutgoingEmail
>         ShowSavedSearches
>         ShowTicket
>         ShowTicketComments
>         StealTicket
>         TakeTicket
>         Watch
>
>  - send an email to test_queue at rt.bar.foo.edu from the test user's 
> email account
>
> There's loads more after this, but it starts to get real specific to 
> our customizations.
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT Wiki at http://wiki.bestpractical.com



-- 
-------------------
BitPusher, LLC
http://www.bitpusher.com/
1.888.9PUSHER
(415) 724.7998 - Mobile





More information about the rt-users mailing list