[rt-users] RT with RHEL4
Phil Lawrence
prlawrence at Lehigh.EDU
Fri Jun 3 10:31:41 EDT 2005
Michael T. Halligan wrote:
> Has anybody had any luck with RHEL4 & RT?
You bet. Easy as pie. Here's my install notes, heavily based on the wiki:
Installing RT on RHEL 4 with FastCGI and MySQL:
RHEL4 INSTALL
Boot from RHEL4 CD 1
When partitioning, click "Configure advanced boot loader options"
add vga=773 (or whatever) to kernel parms
Firewall on, allow SSH, HTTP & HTTPS, SMTP
SELINUX=disabled
Customize software packages to be installed
Pick "minimal" set of packages
reboot
SETUP up2date
# rpm --import /usr/share/rhn/RPM-GPG-KEY
upgrade all (you'll be prompted to accept rhn default settings, and for your rhn user info)
# up2date -u
add needed stuff
# up2date \
httpd-devel \
mod_ssl \
mysql \
mysqlclient10 \
mysql-server \
mysql-devel \
gcc \
system-switch-mail \
postfix
add stuff I like
# up2date \
screen \
rcs \
vim-enhanced
Now we switch from Sendmail to Postscript
# system-switch-mail
start screen (if you like)
# screen
Install FastCGI...
# cd /usr/local/src
# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz
# gunzip mod_fastcgi-2.4.2.tar.gz
# tar -xvf mod_fastcgi-2.4.2.tar
# cd mod_fastcgi-2.4.2
# cp Makefile.AP2 Makefile
# edit Makefile:
###Modify for location of apache 2 installation:
top_dir = /etc/httpd
# make
# make install
FastCGI wants to have a place to put its logs, and permission to do so:
# mkdir /etc/httpd/logs/fastcgi
# mkdir /etc/httpd/logs/fastcgi/dynamic
# chown apache:apache /etc/httpd/logs/fastcgi
# chown apache:apache /etc/httpd/logs/fastcgi/dynamic
Do initial configure for apache
# cd /etc/httpd/conf
# ci -l httpd.conf
# vim httpd.conf
# rcsdiff httpd.conf
===================================================================
RCS file: httpd.conf,v
retrieving revision 1.1
diff -r1.1 httpd.conf
189a190
> LoadModule fastcgi_module modules/mod_fastcgi.so
Start apache
# service httpd start
Check Apache logs to make sure fastcgi started
- Should see no lines with [error] referencing FastCGI
- Should see one line indicating a [notice] and the pid of FastCGI
[notice] FastCGI: process manager initialized (pid 3478)
# cat /var/log/httpd/error_log
If it worked...
# ci -u /etc/httpd/conf/httpd.conf
NOTE: always check the group ownership and permissions of files after
you perform rcs operations on them... I think your effective ID can
screw things up, and then you've got to chgrp or whatever.
Set apache and mysql to start automatically
# chkconfig httpd on
# chkconfig mysqld on
Turn on MySQL server, set MySQL root password...
# service mysqld start
# mysqladmin -u root password some_new_password
Do initial CPAN setup
# cd
# perl -MCPAN -e shell
Policy on building prerequisites (follow, ask or ignore)? [ask] follow
cpan> install Bundle::CPAN
cpan> quit
RT Pre-Install...
RT requires its own group, so let's add it now lest we forget:
# groupadd rt
RT gets initiated by apache, so add apache to the rt group:
# vim /etc/group
# grep ^rt /etc/group
rt:x:500:apache
Confirm selinux is disabled
# grep ^SELINUX= /etc/selinux/config
SELINUX=disabled
Change permissions on /etc/httpd/logs from within
$ cd /etc/httpd/logs
$ chmod 755 .
Install latest RT
# cd /usr/local/src
# wget http://download.bestpractical.com/pub/rt/release/rt-3.4.2.tar.gz
# gunzip rt-3.4.2.tar.gz
# tar -xvf rt-3.4.2.tar
# cd rt-3.4.2/
Set up the makefile for us with the proper settings:
# ./configure \
--with-web-user=apache \
--with-web-group=apache \
--with-mysql \
--with-fastcgi
Show us what's missing and what's not:
# perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose
Try to install what's missing for us through CPAN:
# perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
Test again and only show us the MISSING items this time:
# perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
| grep MISSING
MIME::Entity won't install without MIME::Base64, so install that first
# perl -MCPAN -e 'install MIME::Base64'
Now install MIME::Entity:
# perl -MCPAN -e 'install MIME::Entity'
Try to install anything else missing for us:
# perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
Test again and make sure nothing is MISSING:
# perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
| grep MISSING
NOTE: I chose to skip running the Apache test suite to
simplify things. YMMV.
Assuming everything is present and it's a go, install and initialize
database...
# make install
Make a copy of the dist config file to edit:
# cp /opt/rt3/etc/RT_Config.pm /opt/rt3/etc/RT_SiteConfig.pm
Edit your RT config file for your purposes:
# cd /opt/rt3/etc
# ci -l RT_SiteConfig.pm
# vim RT_SiteConfig.pm
# rcsdiff RT_SiteConfig.pm
===================================================================
RCS file: RT_SiteConfig.pm,v
retrieving revision 1.1
diff -r1.1 RT_SiteConfig.pm
27c27
< Set($rtname , "example.com");
---
> Set($rtname , "rt");
33c33
< Set($Organization , "example.com");
---
> Set($Organization , "foo.edu");
66c66
< Set($DatabasePassword , 'rt_pass');
---
> Set($DatabasePassword , 'foo');
122c122
< Set($ParseNewMessageForTicketCcs , undef);
---
> Set($ParseNewMessageForTicketCcs , 1);
127c127
< Set($RTAddressRegexp , '^rt\@example.com$');
---
> Set($RTAddressRegexp , '(?i)rt\.bar\.Foo\.EDU$');
215c215
< Set($UseFriendlyToLine , 0);
---
> Set($UseFriendlyToLine , 1);
274c274
< Set($WebPath , "");
---
> Set($WebPath , "/rt");
279c279
< Set($WebBaseURL , "http://RT::WebBaseURL.not.configured:80");
---
> Set($WebBaseURL , "http://rt.bar.foo.edu:80");
303c303
< Set($MessageBoxWrap, "HARD");
---
> Set($MessageBoxWrap, "SOFT");
Initialize Database
# cd /usr/local/src/rt-3.4.2
# make initialize-database
Now edit your Apache config file some more:
# cd /etc/httpd/conf
# co -l httpd.conf
# vim httpd.conf
# rcsdiff httpd.conf
===================================================================
RCS file: httpd.conf,v
retrieving revision 1.2
diff -r1.2 httpd.conf
1023a1024,1040
>
> NameVirtualHost *:80
> <VirtualHost *:80>
> ServerAdmin root
> DocumentRoot /var/www/html/
> # Adding the following for RT (the ticket tracker)
> AddHandler fastcgi-script fcgi
> <Directory "/opt/rt3/share/html">
> Options FollowSymLinks ExecCGI
> AllowOverride None
> </Directory>
> # Pass through requests to display images
> Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
> </VirtualHost>
> FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
> ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi
>
Restart Apache and test:
# service httpd restart
Assuming it works:
# ci -u /opt/rt3/etc/RT_SiteConfig.pm
# ci -u /etc/httpd/conf/httpd.conf
Set up SSL cert
# cd /etc/httpd/conf
# openssl genrsa \
-des3 \
-out ssl.key/rt.bar.foo.edu.key \
1024
Note the password you used for this key!
# openssl req \
-new \
-key ssl.key/rt.bar.foo.edu.key \
-out ssl.csr/rt.bar.foo.edu.csr
Self-sign
# openssl x509 \
-req \
-in ssl.csr/rt.bar.foo.edu.csr \
-signkey ssl.key/rt.bar.foo.edu.key \
-out ssl.crt/rt.bar.foo.edu.crt
Edit ssl.conf...
# cd /etc/httpd/conf.d
# ci -l ssl.conf
# vim ssl.conf
Here's the skinny
# grep -v ^# ssl.conf | grep -v ^$
LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl .crl
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/opt/rt3/share/html"
ServerName rt.bar.foo.edu:443
ErrorLog /var/log/httpd/rt.bar.foo.edu_error
CustomLog /var/log/httpd/rt.bar.foo.edu-access_log common
LogLevel warn
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.bar.foo.edu.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.bar.foo.edu.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
<Directory "/opt/rt3/share/html">
SSLOptions +StdEnvVars
Options FollowSymLinks ExecCGI
AllowOverride None
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
AddHandler fastcgi-script fcgi
ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
<Location />
AddDefaultCharset UTF-8
</Location>
</VirtualHost>
# cd /etc/httpd/conf
# co -l httpd.conf
# vim httpd.conf
# tail -n 7 httpd.conf
FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
NameVirtualHost *:80
<VirtualHost *:80>
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
</VirtualHost>
Modify RT config to now serve out of root dir
# cd /opt/rt3/etc/
# vim RT_SiteConfig.pm
# rcsdiff RT_SiteConfig.pm
===================================================================
RCS file: RT_SiteConfig.pm,v
retrieving revision 1.2
diff -r1.2 RT_SiteConfig.pm
274c274
< Set($WebPath , "/rt");
---
> Set($WebPath , "");
Make sure your firewall is ready for HTTPS
# iptables -L
# system-config-securitylevel-tui
test it out (you'll be prompted for your .key file passphrase)
# service httpd restart
Assuming it all worked
# ci -u /etc/httpd/conf.d/ssl.conf
# ci -u /etc/httpd/conf/httpd.conf
# ci -u /opt/rt3/etc/RT_SiteConfig.pm
MAIL SETUP
edit config files
# cd /etc/postfix
# ci -l main.cf
# vim main.cf
# rcsdiff main.cf
===================================================================
RCS file: main.cf,v
retrieving revision 1.1
diff -r1.1 main.cf
106c106
< #inet_interfaces = all
---
> inet_interfaces = all
109c109
< inet_interfaces = localhost
---
> #inet_interfaces = localhost
200c200,201
< #local_recipient_maps =
---
> local_recipient_maps =
> virtual_alias_maps = hash:/etc/mail/virtusertable
437c438
< #mailbox_command = /some/where/procmail
---
> mailbox_command = /usr/bin/procmail
# cd /etc/mail
# ci -l virtusertable
# vim virtusertable
# cat virtusertable
postmaster@rt.bar.foo.edu postmaster
@rt.bar.foo.edu rt_dispatcher
# ci -l local-host-names
# vim local-host-names
# cat local-host-names
# rcsdiff local-host-names
===================================================================
RCS file: local-host-names,v
retrieving revision 1.1
diff -r1.1 local-host-names
1a2
> rt.BAR.Foo.EDU
rt-mailgate will be talking with RT over HTTPS, so we need Crypt::SSLeay
# up2date perl-Crypt-SSLeay
per http://www.geert.triple-it.nl/node/rt_procmail.html...
Create an account which is to gather all RT-mail.
# useradd rt_dispatcher -G rt
Create utility perl scripts and the .procmailrc
# su - rt_dispatcher
$ vim get_action.pl
$ cat get_action.pl
#!/usr/bin/env perl
@arr = <STDIN>;
$action = "correspond";
foreach (@arr) {
if (/\s*.*<([^@]+)-comment@.*>/g) {
$action = "comment";
} else {
if (/\s*([^@]+)-comment@.*/g) {
$action = "comment";
}
}
}
print "$action";
$ chmod 700 get_action.pl
$ ci -u get_action.pl
$ vim get_queue.pl
$ cat get_queue.pl
#!/usr/bin/env perl
@arr = <STDIN>;
$queue = 'general';
foreach (@arr) {
if (/\s*.*<([^@]+)@.*>/g) {
$queue = $1;
} else {
if (/\s*([^@]+)@.*/g) {
$queue= $1;
}
}
}
if ($queue =~ /(.*)-comment/)
{
$queue = $1;
}
print "$queue";
$ chmod 700 get_queue.pl
$ ci -u get_queue.pl
$ vim .procmailrc
$ cat .procmailrc
#Preliminaries
SHELL=/bin/bash
MAILDIR=${HOME}
LOGFILE=${MAILDIR}/procmail.log
LOG="--- Logging ${LOGFILE} for ${LOGNAME}, "
VERBOSE=yes
MAILDOMAIN=rt.bar.foo.edu
RT_MAILGATE="/opt/rt3/bin/rt-mailgate"
RT_URL="https://rt.bar.foo.edu"
LOGABSTRACT=all
:0
{
# the following line extracts the recipient from Received-headers.
# Simply using the To: does not work, as tickets are often created
# by sending a CC/BCC to RT
TO=`formail -c -xReceived: |grep $MAILDOMAIN |sed -e 's/.*for *<*\(.*\)>* *;.*$/\1/'`
QUEUE=`echo $TO| $HOME/get_queue.pl`
ACTION=`echo $TO| $HOME/get_action.pl`
:0 Wa
| $RT_MAILGATE --queue $QUEUE --action $ACTION --url $RT_URL
}
$ chmod 600 .procmailrc
$ ci -u .procmailrc
$ exit
# service postfix restart
# postmap hash:/etc/mail/virtusertable
Now, using a web browser, log into RT as root (pass: password) and:
- CHANGE the password!
- create a test queue, e.g.
Queue Name: test_queue
Description: Queue for Testing
Reply Address: test_queue
Comment Address: test_queue-comment
- create a test user with an email address that you control
- Create group 'FOO Staff'
- Configuration | Global | Group Rights
Everyone:
CreateTicket
ModifySelf
ReplyToTicket
SeeQueue
Requestor:
ShowTicket
FOO Staff:
AssignCustomFields
CommentOnTicket
CreateSavedSearch
DeleteTicket
EditSavedSearches
LoadSavedSearch
ModifyCustomField
ModifyTicket
OwnTicket
ReplyToTicket
SeeCustomField
SeeGroup
ShowOutgoingEmail
ShowSavedSearches
ShowTicket
ShowTicketComments
StealTicket
TakeTicket
Watch
- send an email to test_queue@rt.bar.foo.edu from the test user's
email account
There's loads more after this, but it starts to get real specific to our
customizations.
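Added example, not part of the original post: the catch-all virtusertable entry delivers mail for any local part to rt_dispatcher, and the .procmailrc turns that local part into the --queue and --action arguments of rt-mailgate, so the value reaching the command line is chosen by the sender. The shell sketch below does the job of get_queue.pl and get_action.pl but refuses recipients outside an allowlist; the function names, the permitted character set and the 64-character limit are assumptions, not RT requirements.

```shell
#!/bin/sh
# Added example: vet the recipient before it becomes rt-mailgate arguments.
LC_ALL=C; export LC_ALL
MAILDOMAIN="rt.bar.foo.edu"    # same value as in the .procmailrc above

# rt_route ADDRESS
# Prints "<queue> <action>" and returns 0 if ADDRESS is acceptable,
# prints nothing and returns 1 otherwise.
rt_route() {
    addr=${1#<}; addr=${addr%>}              # drop one pair of angle brackets
    case $addr in
        *@*@*|@*|*@) return 1 ;;             # more than one "@", or an empty side
        *@*) ;;
        *) return 1 ;;                       # no "@" at all
    esac
    local_part=${addr%@*}
    domain=$(printf '%s' "${addr#*@}" | tr 'A-Z' 'a-z')
    [ "$domain" = "$MAILDOMAIN" ] || return 1
    # Assumed policy: queue names use only letters, digits, "_", "." and "-",
    # never start with "-" or "." and are at most 64 characters long.
    case $local_part in
        *[!A-Za-z0-9_.-]*|-*|.*) return 1 ;;
    esac
    [ "${#local_part}" -le 64 ] || return 1
    action=correspond
    case $local_part in
        *-comment) action=comment; local_part=${local_part%-comment} ;;
    esac
    [ -n "$local_part" ] || return 1
    printf '%s %s\n' "$local_part" "$action"
}

# rt_route_from_headers: read Received: header text on stdin, take the first
# "for <address>;" clause and pass it to rt_route.
rt_route_from_headers() {
    to=$(sed -n 's/.*[[:space:]]for[[:space:]]*<\{0,1\}\([^<>;[:space:]]*\)>\{0,1\}[[:space:]]*;.*/\1/p' | head -n 1)
    rt_route "$to"
}

# Constructed sample header (not taken from a real message).
sample=$(printf 'Received: from mail.example.net\n\tby rt.bar.foo.edu (Postfix)\n\tfor <test_queue-comment@rt.bar.foo.edu>; Fri, 3 Jun 2005 10:00:00 -0400\n')
printf '%s\n' "$sample" | rt_route_from_headers
```

A nonzero return is the signal to leave the message out of RT rather than call rt-mailgate with the unvetted value.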