[rt-users] RT with RHEL4

Joby Walker joby at u.washington.edu
Tue Jun 7 15:54:29 EDT 2005


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I've been experimenting with building a local perl install for RT on
RHEL3, and ran into the same problem after all but three of the modules
had installed.  I have no idea what the problem was since the tarball
was untared.  I manually installed the the modules using:

/path/to/perl -MCPAN -eshell
> install <packagename>


Joby Walker
ITI SSG, University of Washington
- --
PGP key: https://staff.washington.edu/joby/joby-u-pub.asc


Michael T. Halligan wrote:
> Well, I've made some progress (mainly, more proof that RedHat sucks).
> 
> My main problem that I"m running into is this error :
> 
> Couldn't untar
> /root/.cpan/sources/authors/id/M/MS/MSCHWERN/Test-Inline-0.16.tar
> 
> that happens when I run : perl sbin/rt-test-dependencies --with-mysql
> --with-fastcgi --install
> 
> Does anybody have an idea what's happening here? It happens on every
> module, and apparently
> request tracker needs about 80 modules to work.
> 
> Is there not a better way (besides switching to debian)
> 
> 
> Phil Lawrence wrote:
> 
>> Michael T. Halligan wrote:
>>
>>> Has anybody had any luck with RHEL4 & RT? 
>>
>>
>>
>> You bet.  Easy as pie.  Here's my install notes, heavily based on the
>> wiki:
>> Installing RT on RHEL 4 with FastCGI and MySQL:
>>
>> RHEL4 INSTALL
>> Boot from RHEL4 CD 1
>>
>> When partitioning, click "Configure advanced boot loader options"
>> add vga=773 (or whatever) to kernal parms
>>
>> Firewall on, allow SSH, HTTP & HTTPS, SMTP
>> SELINUX=disabled
>>
>> Customize software packages to be installed
>> Pick "minimal" set of packages
>>
>> reboot
>>
>> SETUP up2date
>> # rpm --import /usr/share/rhn/RPM-GPG-KEY
>>
>> upgrade all (you'll be prompted to accept rhndefault
>>  settings, and for your rhn user info)
>> # up2date -u
>>
>> add needed stuff
>> # up2date         \
>>   httpd-devel     \
>>   mod_ssl         \
>>   mysql           \
>>   mysqlclient10   \
>>   mysql-server    \
>>   mysql-devel     \
>>   gcc             \
>>   system-switch-mail \
>>   postfix
>>
>> add stuff I like
>> # up2date         \
>>   screen          \
>>   rcs             \
>>   vim-enhanced
>>
>> Now we switch from Sendmail to Postscript
>> # system-switch-mail
>>
>> start screen (if you like)
>> # screen
>>
>> Install FastCGI...
>> # cd /usr/local/src
>> # wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.2.tar.gz
>> # gunzip mod_fastcgi-2.4.2.tar.gz
>> # tar -xvf mod_fastcgi-2.4.2.tar
>> # cd mod_fastcgi-2.4.2
>> # cp Makefile.AP2 Makefile
>> # edit Makefile:
>>     ###Modify for location of apache 2 installation:
>>     top_dir      = /etc/httpd
>> # make
>> # make install
>>
>> FastCGI wants to have a place to put its logs, and permission to do so:
>> # mkdir /etc/httpd/logs/fastcgi
>> # mkdir /etc/httpd/logs/fastcgi/dynamic
>> # chown apache:apache /etc/httpd/logs/fastcgi
>> # chown apache:apache /etc/httpd/logs/fastcgi/dynamic
>>
>> Do initial configure for apache
>> # cd /etc/httpd/conf
>> # ci -l httpd.conf
>> # vim httpd.conf
>> # rcsdiff httpd.conf
>> ===================================================================
>> RCS file: httpd.conf,v
>> retrieving revision 1.1
>> diff -r1.1 httpd.conf
>> 189a190
>> > LoadModule fastcgi_module modules/mod_fastcgi.so
>>
>> Start apache
>> # service httpd start
>>
>> Check Apache logs to make sure fastcgi started
>>   - Should see no lines with [error] referencing FastCGI
>>   - Should see one line indicating a [notice] and the pid of FastCGI
>>      [notice] FastCGI: process manager initialized (pid 3478)
>> # cat /var/log/httpd/error_log
>>
>> If it worked...
>> # ci -u /etc/httpd/conf/httpd.conf
>>
>> NOTE:  always check the group ownership and permissions of files after
>> you perform rcs operations on them...  I think your effective ID can
>> screw things up, and then you've got to chgrp or whatever.
>>
>> Set apache and mysql to start automatically
>> # chkconfig httpd on
>> # chkconfig mysqld on
>>
>> Turn on MySQL server, set MySQL root password...
>> # service mysqld start
>> # mysqladmin -u root password some_new_password
>>
>>
>> Do initial CPAN setup
>> # cd
>> # perl -MCPAN -e shell
>>
>> Policy on building prerequisites (follow, ask or ignore)? [ask] follow
>>
>> cpan> install Bundle::CPAN
>> cpan> quit
>>
>> RT Pre-Install...
>> RT requires its own group, so let's add it now lest we forget:
>> # groupadd rt
>>
>> RT gets initiated by apache, so add apache to the rt group:
>> # vim /etc/group
>> # grep ^rt /etc/group
>> rt:x:500:apache
>>
>> Confirm selinux is disabled
>> # grep ^SELINUX= /etc/selinux/config
>> SELINUX=disabled
>>
>> Change permissions on /etc/httpd/logs from within
>> $ cd /etc/httpd/logs
>> $ chmod 755 .
>>
>> Install latest RT
>> # cd /usr/local/src
>> # wget http://download.bestpractical.com/pub/rt/release/rt-3.4.2.tar.gz
>> # gunzip rt.tar.gz
>> # tar -xvf rt.tar
>> # cd rt-3.4.2/
>>
>> Set up the makefile for us with the proper settings:
>> # ./configure \
>>     --with-web-user=apache \
>>     --with-web-group=apache \
>>     --with-mysql \
>>     --with-fastcgi
>>
>> Show us what's missing and what's not:
>> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose
>>
>> Try to install what's missing for us through CPAN:
>> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
>>
>> Test again and only show us the MISSING items this time:
>> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
>>   | grep MISSING
>>
>> MIME::Entity won't install without MIME::Base64, so install that first
>> # perl -MCPAN -e 'install MIME::Base64'
>>
>> Now install MIME::Entity:
>> # perl -MCPAN -e 'install MIME::Entity'
>>
>> Try to install anything else missing for us:
>> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --install
>>
>> Test again and make sure nothing is MISSING:
>> # perl sbin/rt-test-dependencies --with-mysql --with-fastcgi --verbose \
>>   | grep MISSING
>>
>> NOTE: I chose to skip running the Apache test suite to
>>  simplify things.  YMMV.
>>
>> Assuming everything is present and it's a go, install and intialize
>> database...
>> # make install
>>
>> Make a copy of the dist config file to edit:
>> # cp /opt/rt3/etc/RT_Config.pm /opt/rt3/etc/RT_SiteConfig.pm
>>
>> Edit your RT config file for your purposes:
>> # cd /opt/rt3/etc
>> # ci -l RT_SiteConfig.pm
>> # vim RT_SiteConfig.pm
>> # rcsdiff RT_SiteConfig.pm
>> ===================================================================
>> RCS file: RT_SiteConfig.pm,v
>> retrieving revision 1.1
>> diff -r1.1 RT_SiteConfig.pm
>> 27c27
>> < Set($rtname , "example.com");
>> ---
>> > Set($rtname , "rt");
>> 33c33
>> < Set($Organization , "example.com");
>> ---
>> > Set($Organization , "foo.edu");
>> 66c66
>> < Set($DatabasePassword , 'rt_pass');
>> ---
>> > Set($DatabasePassword , 'foo');
>> 122c122
>> < Set($ParseNewMessageForTicketCcs , undef);
>> ---
>> > Set($ParseNewMessageForTicketCcs , 1);
>> 127c127
>> < Set($RTAddressRegexp , '^rt\@example.com$');
>> ---
>> > Set($RTAddressRegexp , '(?i)rt\.bar\.Foo\.EDU$');
>> 215c215
>> < Set($UseFriendlyToLine , 0);
>> ---
>> > Set($UseFriendlyToLine , 1);
>> 274c274
>> < Set($WebPath , "");
>> ---
>> > Set($WebPath , "/rt");
>> 279c279
>> < Set($WebBaseURL , "http://RT::WebBaseURL.not.configured:80");
>> ---
>> > Set($WebBaseURL , "http://rt.bar.foo.edu:80");
>> 303c303
>> < Set($MessageBoxWrap, "HARD");
>> ---
>> > Set($MessageBoxWrap, "SOFT");
>>
>> Initialize Database
>> # cd /usr/local/src/rt-3.4.2
>> # make initialize-database
>>
>> Now edit your Apache config file some more:
>> # cd /etc/httpd/conf
>> # co -l httpd.conf
>> # vim httpd.conf
>> # rcsdiff httpd.conf
>> ===================================================================
>> RCS file: httpd.conf,v
>> retrieving revision 1.2
>> diff -r1.2 httpd.conf
>> 1023a1024,1040
>> >
>> > NameVirtualHost *:80
>> > <VirtualHost *:80>
>> >   ServerAdmin root
>> >   DocumentRoot /var/www/html/
>> >   # Adding the following for RT (the ticket tracker)
>> >   AddHandler fastcgi-script fcgi
>> >   <Directory "/opt/rt3/share/html">
>> >     Options FollowSymLinks ExecCGI
>> >     AllowOverride None
>> >   </Directory>
>> >   # Pass through requests to display images
>> >   Alias /NoAuth/images/ /opt/rt3/share/html/NoAuth/images/
>> > </VirtualHost>
>> > FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
>> > ScriptAlias /rt /opt/rt3/bin/mason_handler.fcgi
>> >
>>
>> Restart Apache and test:
>> # service httpd restart
>>
>> Assuming it works:
>> # ci -u /opt/rt3/etc/RT_SiteConfig.pm
>> # ci -u /etc/httpd/conf/httpd.conf
>>
>> Set up SSL cert
>> # cd /etc/httpd/conf
>> # openssl genrsa                    \
>>    -des3                            \
>>    -out ssl.key/rt.bar.foo.edu.key  \
>>    1024
>> Note the password you used for this key!
>>
>> # openssl req  \
>>    -new                             \
>>    -key ssl.key/rt.bar.foo.edu.key  \
>>    -out ssl.csr/rt.bar.foo.edu.csr
>>
>> Self-sign
>> # openssl x509  \
>>    -req                                 \
>>    -in       ssl.csr/rt.bar.foo.edu.csr \
>>    -signkey  ssl.key/rt.bar.foo.edu.key \
>>    -out      ssl.crt/rt.bar.foo.edu.crt
>>
>> Edit ssl.conf...
>> # cd /etc/httpd/conf.d
>> # ci -l ssl.conf
>> # vim ssl.conf
>>
>> Here's the skinny
>> # grep -v ^# ssl.conf | grep -v ^$
>> LoadModule ssl_module modules/mod_ssl.so
>> Listen 443
>> AddType application/x-x509-ca-cert .crt
>> AddType application/x-pkcs7-crl    .crl
>> SSLPassPhraseDialog  builtin
>> SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
>> SSLSessionCacheTimeout  300
>> SSLMutex default
>> SSLRandomSeed startup file:/dev/urandom  256
>> SSLRandomSeed connect builtin
>> SSLCryptoDevice builtin
>> <VirtualHost _default_:443>
>> DocumentRoot "/opt/rt3/share/html"
>> ServerName rt.bar.foo.edu:443
>> ErrorLog /var/log/httpd/rt.bar.foo.edu_error
>> CustomLog /var/log/httpd/rt.bar.foo.edu-access_log common
>> LogLevel warn
>> SSLEngine on
>> SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP
>> SSLCertificateFile /etc/httpd/conf/ssl.crt/rt.bar.foo.edu.crt
>> SSLCertificateKeyFile /etc/httpd/conf/ssl.key/rt.bar.foo.edu.key
>> <Files ~ "\.(cgi|shtml|phtml|php3?)$">
>>     SSLOptions +StdEnvVars
>> </Files>
>> <Directory "/var/www/cgi-bin">
>>     SSLOptions +StdEnvVars
>> </Directory>
>> <Directory "/opt/rt3/share/html">
>>     SSLOptions +StdEnvVars
>>     Options FollowSymLinks ExecCGI
>>     AllowOverride None
>> </Directory>
>> SetEnvIf User-Agent ".*MSIE.*" \
>>          nokeepalive ssl-unclean-shutdown \
>>          downgrade-1.0 force-response-1.0
>> CustomLog logs/ssl_request_log \
>>           "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
>> Alias /NoAuth/images/   /opt/rt3/share/html/NoAuth/images/
>> AddHandler fastcgi-script fcgi
>> ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/
>> <Location />
>>         AddDefaultCharset UTF-8
>> </Location>
>> </VirtualHost>
>>
>>
>> # cd /etc/httpd/conf
>> # co -l httpd.conf
>> # vim httpd.conf
>> # tail -n 7 httpd.conf
>> FastCgiServer /opt/rt3/bin/mason_handler.fcgi -idle-timeout 120
>> NameVirtualHost *:80
>> <VirtualHost *:80>
>>   RewriteEngine on
>>   RewriteCond %{SERVER_PORT} ^80$
>>   RewriteRule ^/(.*) https://%{SERVER_NAME}/$1 [R,L]
>> </VirtualHost>
>>
>> Modify RT config to now serve out of root dir
>> # cd /opt/rt3/etc/
>> # vim RT_SiteConfig.pm
>> # rcsdiff RT_SiteConfig.pm
>> ===================================================================
>> RCS file: RT_SiteConfig.pm,v
>> retrieving revision 1.2
>> diff -r1.2 RT_SiteConfig.pm
>> 274c274
>> < Set($WebPath , "/rt");
>> ---
>> > Set($WebPath , "");
>>
>>
>> Makes sure your firewall is ready for HTTPS
>> # iptables -L
>> # system-config-securitylevel-tui
>>
>> test it out (you'll be prompted for your .key file passphrase)
>> # service httpd restart
>>
>> Assuming it all worked
>> # ci -u /etc/httpd/conf.d/ssl.conf
>> # ci -u /etc/httpd/conf/httpd.conf
>> # ci -u /opt/rt3/etc/RT_SiteConfig.pm
>>
>> MAIL SETUP
>> edit config files
>> # cd /etc/postfix
>> # ci -l main.cf
>> # vim main.cf
>> # rcsdiff main.cf
>> ===================================================================
>> RCS file: main.cf,v
>> retrieving revision 1.1
>> diff -r1.1 main.cf
>> 106c106
>> < #inet_interfaces = all
>> ---
>> > inet_interfaces = all
>> 109c109
>> < inet_interfaces = localhost
>> ---
>> > #inet_interfaces = localhost
>> 200c200,201
>> < #local_recipient_maps =
>> ---
>> > local_recipient_maps =
>> > virtual_alias_maps = hash:/etc/mail/virtusertable
>> 437c438
>> < #mailbox_command = /some/where/procmail
>> ---
>> > mailbox_command = /usr/bin/procmail
>>
>> # cd /etc/mail
>> # ci -l virtusertable
>> # vim virtusertable
>> # cat virtusertable
>> postmaster at rt.bar.foo.edu postmaster
>> @rt.bar.foo.edu rt_dispatcher
>>
>> # ci -l local-host-names
>> # vim local-host-names
>> # cat local-host-names
>> # rcsdiff local-host-names
>> ===================================================================
>> RCS file: local-host-names,v
>> retrieving revision 1.1
>> diff -r1.1 local-host-names
>> 1a2
>> > rt.BAR.Foo.EDU
>>
>> rt-mailgate will be talking with RT over HTTPS, so we need Crypt::SSLeay
>> # up2date perl-Crypt-SSLeay
>>
>> per http://www.geert.triple-it.nl/node/rt_procmail.html...
>> Create an account which is to gather all RT-mail.
>> # useradd rt_dispatcher -G rt
>>
>> Create utility perl scripts and the .procmailrc
>> # su - rt_dispatcher
>> $ vim get_action.pl
>> $ cat get_action.pl
>> #!/usr/bin/env perl
>>
>> @arr = <STDIN>;
>> $action = "correspond";
>> foreach (@arr) {
>>         if (/\s*.*<([^@]+)-comment at .*>/g) {
>>                 $action = "comment";
>>         } else {
>>                 if (/\s*([^@]+)-comment at .*/g) {
>>                         $action = "comment";
>>                 }
>>         }
>> }
>> print "$action";
>> $ chmod 700 get_action.pl
>> $ ci -u get_action.pl
>>
>> $ vim get_queue.pl
>> $ cat get_queue.pl
>> #!/usr/bin/env perl
>>
>> @arr = <STDIN>;
>> $queue = 'general';
>> foreach (@arr) {
>>         if (/\s*.*<([^@]+)@.*>/g) {
>>                 $queue = $1;
>>                 } else {
>>                         if (/\s*([^@]+)@.*/g) {
>>                                 $queue= $1;
>>                         }
>>                 }
>>         }
>> if ($queue =~ /(.*)-comment/)
>> {
>>         $queue = $1;
>> }
>> print "$queue";
>> $ chmod 700 get_queue.pl
>> $ ci -u get_queue.pl
>>
>> $ vim .procmailrc
>> $ cat .procmailrc
>> #Preliminaries
>> SHELL=/bin/bash
>> MAILDIR=${HOME}
>> LOGFILE=${MAILDIR}/procmail.log
>> LOG="--- Logging ${LOGFILE} for ${LOGNAME}, "
>> VERBOSE=yes
>> MAILDOMAIN=rt.bar.foo.edu
>> RT_MAILGATE="/opt/rt3/bin/rt-mailgate"
>> RT_URL="https://rt.bar.foo.edu"
>>
>> LOGABSTRACT=all
>>
>>
>> :0
>> {
>> # the following line extracts the recipient from Received-headers.
>> # Simply using the To: does not work, as tickets are often created
>> # by sending a CC/BCC to RT
>> TO=`formail -c -xReceived: |grep $MAILDOMAIN |sed -e 's/.*for
>> *<*\(.*\)>* *;.*$/\1/'`
>> QUEUE=`echo $TO| $HOME/get_queue.pl`
>> ACTION=`echo $TO| $HOME/get_action.pl`
>> :0 Wa
>> | $RT_MAILGATE --queue $QUEUE --action $ACTION --url $RT_URL
>> }
>> $ chmod 600 .procmailrc
>> $ ci -u .procmailrc
>> $ exit
>>
>> # service postfix restart
>> # postmap hash:/etc/mail/virtusertable
>>
>> Now, using a web browser, log into RT as root (pass: password) and:
>>  - CHANGE the password!
>>  - create a test queue, e.g.
>>     Queue Name:       test_queue
>>     Description:      Queue for Testing
>>     Reply Address:    test_queue
>>     Comment Address:  test_queue-comment
>>  - create a test user with an email address that you control
>>  - Create group 'FOO Staff'
>>  - Configuration | Global | Group Rights
>>     Everyone:
>>         CreateTicket
>>         ModifySelf
>>         ReplyToTicket
>>         SeeQueue
>>                    Requestor:
>>         ShowTicket
>>     FOO Staff:
>>         AssignCustomFields
>>         CommentOnTicket
>>         CreateSavedSearch
>>         DeleteTicket
>>         EditSavedSearches
>>         LoadSavedSearch
>>         ModifyCustomField
>>         ModifyTicket
>>         OwnTicket
>>         ReplyToTicket
>>         SeeCustomField
>>         SeeGroup
>>         ShowOutgoingEmail
>>         ShowSavedSearches
>>         ShowTicket
>>         ShowTicketComments
>>         StealTicket
>>         TakeTicket
>>         Watch
>>
>>  - send an email to test_queue at rt.bar.foo.edu from the test user's
>> email account
>>
>> There's loads more after this, but it starts to get real specific to
>> our customizations.
>> _______________________________________________
>> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>>
>> Be sure to check out the RT Wiki at http://wiki.bestpractical.com
> 
> 
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCpft1gA0gpghkf88RAvIFAJ99u74eGN49OXTn4i6lFAJAqFgtxgCeNA/V
mOfZGqpDBfY4uxBskdh5Bn8=
=q7p7
-----END PGP SIGNATURE-----



More information about the rt-users mailing list