[rt-users] RT with RHEL4
Michael T. Halligan
michael at halligan.org
Tue Jun 7 15:47:20 EDT 2005
Well, I've made some progress (mainly, more proof that RedHat sucks).
My main problem that I"m running into is this error :
Couldn't untar
/root/.cpan/sources/authors/id/M/MS/MSCHWERN/Test-Inline-0.16.tar
that happens when I run : perl sbin/rt-test-dependencies --with-mysql
--with-fastcgi --install
Does anybody have an idea what's happening here? It happens on every
module, and apparently
request tracker needs about 80 modules to work.
Is there not a better way (besides switching to debian)
Phil Lawrence wrote:
> Michael T. Halligan wrote:
>
>> Has anybody had any luck with RHEL4 & RT?
>
>
> You bet. Easy as pie. Here's my install notes, heavily based on the
> wiki:
> Installing RT on RHEL 4 with FastCGI and MySQL:
>
> RHEL4 INSTALL
> Boot from RHEL4 CD 1
>
> When partitioning, click "Configure advanced boot loader options"
> add vga=773 (or whatever) to kernal parms
>
> Firewall on, allow SSH, HTTP & HTTPS, SMTP
> SELINUX=disabled
>
> Customize software packages to be installed
> Pick "minimal" set of packages
>
> reboot
>
> SETUP up2date
> # rpm --import /usr/share/rhn/RPM-GPG-KEY
>
> upgrade all (you'll be prompted to accept rhndefault
> settings, and for your rhn user info)
> # up2date -u
>
> add needed stuff
> # up2date \
> httpd-devel \
> mod_ssl \
> mysql \
> mysqlclient10 \
> mysql-server \
> mysql-devel \
> gcc \
> system-switch-mail \
> postfix
>
> add stuff I like
> # up2date \
> screen \
> rcs \
> vim-enhanced
>
> Now we switch from Sendmail to Postscript
> # system-switch-mail
>
> start screen (if you like)
> # screen
>
> Install FastCGI...
> # cd /usr/local/src
> # wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz
> # gunzip mod_fastcgi-2.4.2.tar.gz
> # tar -xvf mod_fastcgi-2.4.2.tar
> # cd mod_fastcgi-2.4.2
> # cp Makefile.AP2 Makefile
> # edit Makefile:
> ###Modify for location of apache 2 installation:
> top_dir = /etc/httpd
> # make
> # make install
>
> FastCGI wants to have a place to put its logs, and permission to do so:
> # mkdir /etc/httpd/logs/fastcgi
> # mkdir /etc/httpd/logs/fastcgi/dynamic
> # chown apache:apache /etc/httpd/logs/fastcgi
> # chown apache:apache /etc/httpd/logs/fastcgi/dynamic
>
> Do initial configure for apache
> # cd /etc/httpd/conf
> # ci -l httpd.conf
> # vim httpd.conf
> # rcsdiff httpd.conf
> ===================================================================
> RCS file: httpd.conf,v
> retrieving revision 1.1
> diff -r1.1 httpd.conf
> 189a190
> > LoadModule fastcgi_module modules/mod_fastcgi.so
>
> Start apache
> # service httpd start
>
> Check Apache logs to make sure fastcgi started
> - Should see no lines with [error] referencing FastCGI
> - Should see one line indicating a [notice] and the pid of FastCGI
> [notice] FastCGI: process manager initialized (pid 3478)
> # cat /var/log/httpd/error_log
>
> If it worked...
> # ci -u /etc/httpd/conf/httpd.conf
>
> NOTE: always check the group ownership and permissions of files after
> you perform rcs operations on them... I think your effective ID can
> screw things up, and then you've got to chgrp or whatever.
>
> Set apache and mysql to start automatically
> # chkconfig httpd on
> # chkconfig mysqld on
>
> Turn on MySQL server, set MySQL root password...
> # service mysqld start
> # mysqladmin -u root password some_new_password
>
>
> Do initial CPAN setup
> # cd
> # perl -MCPAN -e shell
>
> Policy on building prerequisites (follow, ask or ignore)? [ask] follow
>
> cpan> install Bundle::CPAN
> cpan> quit
>
> RT Pre-Install...
> RT requires its own group, so let's add it now lest we forget:
> # groupadd rt
>
> RT gets initiated by apache, so add apache to the rt group:
> # vim /etc/group
> # grep ^rt /etc/group
> rt:x:500:apache
>
> Confirm selinux is disabled
> # grep ^SELINUX= /etc/selinux/config
> SELINUX=disabled
>
> Change permissions on /etc/httpd/logs from within
> $ cd /etc/httpd/logs
> $ chmod 755 .
>
> Install latest RT
> # cd /usr/local/src
> # wget http://download.bestpractical.com/pub/rt/release/rt-3.4.2.tar.gz
> # gunzip rt.tar.gz
> # tar -xvf rt.tar
> # cd rt-3.4.2/
>
> Set up the makefile for us with the proper settings:
> # ./configure \
> --with-web-user=apache \
> --with-web-group=apache \
> --with-mysql \
> --with-fastcgi
>
> Show us what's missing and what's not:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose
>
> Try to install what's missing for us through CPAN:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
>
> Test again and only show us the MISSING items this time:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
> | grep MISSING
>
> MIME::Entity won't install without MIME::Base64, so install that first
> # perl -MCPAN -e 'install MIME::Base64'
>
> Now install MIME::Entity:
> # perl -MCPAN -e 'install MIME::Entity'
>
> Try to install anything else missing for us:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
>
> Test again and make sure nothing is MISSING:
> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
> | grep MISSING
>
> NOTE: I chose to skip running the Apache test suite to
> simplify things. YMMV.
>
> Assuming everything is present and it's a go, install and intialize
> database...
> # make install
>
> Make a copy of the dist config file to edit:
> # cp /opt/rt3/etc/RT_Config.pm /opt/rt3/etc/RT_SiteConfig.pm
>
> Edit your RT config file for your purposes:
> # cd /opt/rt3/etc
> # ci -l RT_SiteConfig.pm
> # vim RT_SiteConfig.pm
> # rcsdiff RT_SiteConfig.pm
> ===================================================================
> RCS file: RT_SiteConfig.pm,v
> retrieving revision 1.1
> diff -r1.1 RT_SiteConfig.pm
> 27c27
> < Set($rtname , "example.com");
> ---
> > Set($rtname , "rt");
> 33c33
> < Set($Organization , "example.com");
> ---
> > Set($Organization , "foo.edu");
> 66c66
> < Set($DatabasePassword , 'rt_pass');
> ---
> > Set($DatabasePassword , 'foo');
> 122c122
> < Set($ParseNewMessageForTicketCcs , undef);
> ---
> > Set($ParseNewMessageForTicketCcs , 1);
> 127c127
> < Set($RTAddressRegexp , '^rt\@example.com$');
> ---
> > Set($RTAddressRegexp , '(?i)rt\.bar\.Foo\.EDU$');
> 215c215
> < Set($UseFriendlyToLine , 0);
> ---
> > Set($UseFriendlyToLine , 1);
> 274c274
> < Set($WebPath , "");
> ---
> > Set($WebPath , "/rt");
> 279c279
> < Set($WebBaseURL , "http://RT::WebBaseURL.not.configured:80");
> ---
> > Set($WebBaseURL , "http://rt.bar.foo.edu:80");
> 303c303
> < Set($MessageBoxWrap, "HARD");
> ---
> > Set($MessageBoxWrap, "SOFT");
>
> Initialize Database
> # cd /usr/local/src/rt-3.4.2
> # make initialize-database
>
> Now edit your Apache config file some more:
> # cd /etc/httpd/conf
> # co -l httpd.conf
> # vim httpd.conf
> # rcsdiff httpd.conf
> ===================================================================
> RCS file: httpd.conf,v
> retrieving revision 1.2
> diff -r1.2 httpd.conf
> 1023a1024,1040
> >
> > NameVirtualHost *:80
> > <VirtualHost *:80>
> > ServerAdmin root
> > DocumentRoot /var/www/html/
> > # Adding the following for RT (the ticket tracker)
> > AddHandler fastcgi-script fcgi
> > <Directory "/opt/rt3/share/html">
> > Options FollowSymLinks ExecCGI
> > AllowOverride None
> > </Directory>
> > # Pass through requests to display images
> > Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
> > </VirtualHost>
> > FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
> > ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi
> >
>
> Restart Apache and test:
> # service httpd restart
>
> Assuming it works:
> # ci -u /opt/rt3/etc/RT_SiteConfig.pm
> # ci -u /etc/httpd/conf/httpd.conf
>
> Set up SSL cert
> # cd /etc/httpd/conf
> # openssl genrsa \
> -des3 \
> -out ssl.key/rt.bar.foo.edu.key \
> 1024
> Note the password you used for this key!
>
> # openssl req \
> -new \
> -key ssl.key/rt.bar.foo.edu.key \
> -out ssl.csr/rt.bar.foo.edu.csr
>
> Self-sign
> # openssl x509 \
> -req \
> -in ssl.csr/rt.bar.foo.edu.csr \
> -signkey ssl.key/rt.bar.foo.edu.key \
> -out ssl.crt/rt.bar.foo.edu.crt
>
> Edit ssl.conf...
> # cd /etc/httpd/conf.d
> # ci -l ssl.conf
> # vim ssl.conf
>
> Here's the skinny
> # grep -v ^# ssl.conf | grep -v ^$
> LoadModule ssl_module modules/mod_ssl.so
> Listen 443
> AddType application/x-x509-ca-cert .crt
> AddType application/x-pkcs7-crl .crl
> SSLPassPhraseDialog builtin
> SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
> SSLSessionCacheTimeout 300
> SSLMutex default
> SSLRandomSeed startup file:/dev/urandom 256
> SSLRandomSeed connect builtin
> SSLCryptoDevice builtin
> <VirtualHost _default_:443>
> DocumentRoot "/opt/rt3/share/html"
> ServerName rt.bar.foo.edu:443
> ErrorLog /var/log/httpd/rt.bar.foo.edu_error
> CustomLog /var/log/httpd/rt.bar.foo.edu-access_log common
> LogLevel warn
> SSLEngine on
> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
> SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.bar.foo.edu.crt
> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.bar.foo.edu.key
> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
> SSLOptions +StdEnvVars
> </Files>
> <Directory "/var/www/cgi-bin">
> SSLOptions +StdEnvVars
> </Directory>
> <Directory "/opt/rt3/share/html">
> SSLOptions +StdEnvVars
> Options FollowSymLinks ExecCGI
> AllowOverride None
> </Directory>
> SetEnvIf User-Agent ".*MSIE.*" \
> nokeepalive ssl-unclean-shutdown \
> downgrade-1.0 force-response-1.0
> CustomLog logs/ssl_request_log \
> "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
> Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
> AddHandler fastcgi-script fcgi
> ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
> <Location />
> AddDefaultCharset UTF-8
> </Location>
> </VirtualHost>
>
>
> # cd /etc/httpd/conf
> # co -l httpd.conf
> # vim httpd.conf
> # tail -n 7 httpd.conf
> FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
> NameVirtualHost *:80
> <VirtualHost *:80>
> RewriteEngine on
> RewriteCond %{SERVER_PORT} ^80$
> RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
> </VirtualHost>
>
> Modify RT config to now serve out of root dir
> # cd /opt/rt3/etc/
> # vim RT_SiteConfig.pm
> # rcsdiff RT_SiteConfig.pm
> ===================================================================
> RCS file: RT_SiteConfig.pm,v
> retrieving revision 1.2
> diff -r1.2 RT_SiteConfig.pm
> 274c274
> < Set($WebPath , "/rt");
> ---
> > Set($WebPath , "");
>
>
> Makes sure your firewall is ready for HTTPS
> # iptables -L
> # system-config-securitylevel-tui
>
> test it out (you'll be prompted for your .key file passphrase)
> # service httpd restart
>
> Assuming it all worked
> # ci -u /etc/httpd/conf.d/ssl.conf
> # ci -u /etc/httpd/conf/httpd.conf
> # ci -u /opt/rt3/etc/RT_SiteConfig.pm
>
> MAIL SETUP
> edit config files
> # cd /etc/postfix
> # ci -l main.cf
> # vim main.cf
> # rcsdiff main.cf
> ===================================================================
> RCS file: main.cf,v
> retrieving revision 1.1
> diff -r1.1 main.cf
> 106c106
> < #inet_interfaces = all
> ---
> > inet_interfaces = all
> 109c109
> < inet_interfaces = localhost
> ---
> > #inet_interfaces = localhost
> 200c200,201
> < #local_recipient_maps =
> ---
> > local_recipient_maps =
> > virtual_alias_maps = hash:/etc/mail/virtusertable
> 437c438
> < #mailbox_command = /some/where/procmail
> ---
> > mailbox_command = /usr/bin/procmail
>
> # cd /etc/mail
> # ci -l virtusertable
> # vim virtusertable
> # cat virtusertable
> postmaster at rt.bar.foo.edu postmaster
> @rt.bar.foo.edu rt_dispatcher
>
> # ci -l local-host-names
> # vim local-host-names
> # cat local-host-names
> # rcsdiff local-host-names
> ===================================================================
> RCS file: local-host-names,v
> retrieving revision 1.1
> diff -r1.1 local-host-names
> 1a2
> > rt.BAR.Foo.EDU
>
> rt-mailgate will be talking with RT over HTTPS, so we need Crypt::SSLeay
> # up2date perl-Crypt-SSLeay
>
> per http://www.geert.triple-it.nl/node/rt_procmail.html...
> Create an account which is to gather all RT-mail.
> # useradd rt_dispatcher -G rt
>
> Create utility perl scripts and the .procmailrc
> # su - rt_dispatcher
> $ vim get_action.pl
> $ cat get_action.pl
> #!/usr/bin/env perl
>
> @arr = <STDIN>;
> $action = "correspond";
> foreach (@arr) {
> if (/\s*.*<([^@]+)-comment at .*>/g) {
> $action = "comment";
> } else {
> if (/\s*([^@]+)-comment at .*/g) {
> $action = "comment";
> }
> }
> }
> print "$action";
> $ chmod 700 get_action.pl
> $ ci -u get_action.pl
>
> $ vim get_queue.pl
> $ cat get_queue.pl
> #!/usr/bin/env perl
>
> @arr = <STDIN>;
> $queue = 'general';
> foreach (@arr) {
> if (/\s*.*<([^@]+)@.*>/g) {
> $queue = $1;
> } else {
> if (/\s*([^@]+)@.*/g) {
> $queue= $1;
> }
> }
> }
> if ($queue =~ /(.*)-comment/)
> {
> $queue = $1;
> }
> print "$queue";
> $ chmod 700 get_queue.pl
> $ ci -u get_queue.pl
>
> $ vim .procmailrc
> $ cat .procmailrc
> #Preliminaries
> SHELL=/bin/bash
> MAILDIR=${HOME}
> LOGFILE=${MAILDIR}/procmail.log
> LOG="--- Logging ${LOGFILE} for ${LOGNAME}, "
> VERBOSE=yes
> MAILDOMAIN=rt.bar.foo.edu
> RT_MAILGATE="/opt/rt3/bin/rt-mailgate"
> RT_URL="https://rt.bar.foo.edu"
>
> LOGABSTRACT=all
>
>
> :0
> {
> # the following line extracts the recipient from Received-headers.
> # Simply using the To: does not work, as tickets are often created
> # by sending a CC/BCC to RT
> TO=`formail -c -xReceived: |grep $MAILDOMAIN |sed -e 's/.*for
> *<*\(.*\)>* *;.*$/\1/'`
> QUEUE=`echo $TO| $HOME/get_queue.pl`
> ACTION=`echo $TO| $HOME/get_action.pl`
> :0 Wa
> | $RT_MAILGATE --queue $QUEUE --action $ACTION --url $RT_URL
> }
> $ chmod 600 .procmailrc
> $ ci -u .procmailrc
> $ exit
>
> # service postfix restart
> # postmap hash:/etc/mail/virtusertable
>
> Now, using a web browser, log into RT as root (pass: password) and:
> - CHANGE the password!
> - create a test queue, e.g.
> Queue Name: test_queue
> Description: Queue for Testing
> Reply Address: test_queue
> Comment Address: test_queue-comment
> - create a test user with an email address that you control
> - Create group 'FOO Staff'
> - Configuration | Global | Group Rights
> Everyone:
> CreateTicket
> ModifySelf
> ReplyToTicket
> SeeQueue
>
> Requestor:
> ShowTicket
> FOO Staff:
> AssignCustomFields
> CommentOnTicket
> CreateSavedSearch
> DeleteTicket
> EditSavedSearches
> LoadSavedSearch
> ModifyCustomField
> ModifyTicket
> OwnTicket
> ReplyToTicket
> SeeCustomField
> SeeGroup
> ShowOutgoingEmail
> ShowSavedSearches
> ShowTicket
> ShowTicketComments
> StealTicket
> TakeTicket
> Watch
>
> - send an email to test_queue at rt.bar.foo.edu from the test user's
> email account
>
> There's loads more after this, but it starts to get real specific to
> our customizations.
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
--
-------------------
BitPusher, LLC
http://www.bitpusher.com/
1.888.9PUSHER
(415) 724.7998 - Mobile
More information about the rt-users
mailing list