CentOS7Install: Difference between revisions

From Request Tracker Wiki
Jump to navigation Jump to search
m (Additional formatting.)
mNo edit summary
 
(30 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== RT 4.4.1 installation on CentOS 7.2.1511 ==
== RT 4.4.3 installation on CentOS 7.6.1810 ==


== Assumptions ==
NOTE:  Original Document was for CentOS 7.2 and RT 4.4.1 with MySQL.  Updated for CentOS 7.6, RT 4.4.3 with PostgreSQL.


* Access to the internet and CentOS OS and update repositories is available.
CAUTION:  Previous versions of this document has been stated that you cannot use this method to install RT 4.4.3 directly - this is corrected with a patch below. Best Practical will be fixing this issue in the 4.4.4 release.
* Installation testing was completed using CentOS 7.2.1511 minimal boot ISO.
* httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment.
* Testing was conducted in both KVM and vSphere environments.


----
This document provides a quick methodology for installing RT 4.4.3 on CentOS/RHEL 7.6 for an internet-connected server.  There is a separate CentOS 6.x install at https://rt-wiki.bestpractical.com/wiki/CentOS6Install.


== Installation Steps ==
# Assumptions
* Access to the internet and CentOS OS and update repositories is available.
* Installation testing was completed using CentOS 7.6.1810 minimal boot ISO.
* httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment.
* Testing was conducted in both KVM and vSphere environments.
* Note that the EPEL repository is not required for installation on CentOS 7.


=== OS Installation and Initial Configuration ===
# OS Installation and Initial Configuration
 
* (!) It is possible to automate the majority of this section using kickstart files.
(!) It is possible to automate the majority of this section using kickstart files.
## Install OS.
 
* Install the OS from ISO or PXE boot using your normal methodology.
# Install OS.
## Install prerequisites for RT from OS repository.
 
<pre>yum install expat gd graphviz openssl expat-devel gd-devel graphviz-devel openssl-devel perl perl-CPAN wget screen mod_fcgid postgresql-server postgresql-devel
  * Install the OS from ISO or PXE boot using your normal methodology.
 
# Install prerequisites for RT from OS repository.
  <pre>yum install expat gd graphviz mariadb-server openssl expat-devel gd-devel graphviz-devel mariadb-devel openssl-devel perl perl-CPAN wget screen mod_fcgid
yum groupinstall "Development Tools" "Web Server"</pre>
yum groupinstall "Development Tools" "Web Server"</pre>
 
* NOTE: We use PostgreSQL as the DB which allows us to enable full text search. (This is a change from the previous version of the document which used MySQL/MariaDB.)
  * NOTE: On previous versions of CentOS/RHEL, replace the mariadb-server and mariadb-devel RPMs above with mysql-server and mysql-devel.
## Patch OS
 
<pre>yum update</pre>
# Patch OS
## Disable selinux, by editing /etc/sysconfig/selinux:
 
<code>SELINUX=disabled</code>
  <pre>yum update
* reboot the OS
reboot the OS.</pre>
## Initialize the database:
 
<pre>postgresql-setup initdb</pre>
  * If you are continuing to next step immediately, do not reboot.
## Adjust local services:
 
<pre>systemctl enable postgresql.service
# Disable selinux, by editing /etc/sysconfig/selinux:
 
  <code>'''SELINUX=disabled'''</code>
 
  * reboot the OS
 
# Adjust local services:
  <pre>systemctl enable mariadb.service
systemctl enable httpd.service
systemctl enable httpd.service
systemctl start mariadb.service
systemctl start postgresql.service
systemctl stop httpd.service</pre>
systemctl stop httpd.service</pre>
 
* NOTE:  httpd service needs to be stopped to allow RT web based configuration later.
  * NOTE:  httpd service needs to be stopped to allow RT web based configuration later.
# Configure Supporting Software
 
## Configure postgres user password for postgresql, where 'xxx' is the 'password':
=== Configure Supporting Software ===
<pre>sudo -u postgres psql
 
  ALTER USER postgres PASSWORD 'xxx';
# Configure root password for mariadb:
  \q</pre>
* NOTE:  This step configures the internal DB postgres password for the local instance of postgresql
  <pre>mysqladmin -u root password</pre>
## Reconfigure postgres local user access
 
Configure PostgreSQL to use md5 passwords (needed for RT). Edit /var/lib/pgsql/data/pg_hba.conf and modify the following line from peer to md5:
  * NOTE:  configure the internal DB password for the local instance of mysqld or mariadb
<pre># "local" is for Unix domain socket connections only
 
#local  all        all                              peer
  # Install CPAN minus.
local  all        all                              md5</pre>
 
## Restart postgres server
  <pre>curl -L http://cpanmin.us | perl - --sudo App::cpanminus</pre>
<pre>systemctl restart postgresql.service</pre>
 
## Install CPAN minus.
# Configure RT to use cpanm for fixdeps:
<pre>curl -L http://cpanmin.us | perl - --sudo App::cpanminus</pre>
 
# RT Dependencies and Installation
  <pre>export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm</pre>
## Get RT
 
<pre>mkdir rt
=== RT Dependencies and Installation ===
cd rt
 
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz
  # Get RT and extract to /tmp.
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz.asc</pre>
   
## Verify downloads
  <pre>wget https://download.bestpractical.com/pub/rt/release/rt-4.4.1.tar.gz
* NOTE: Release notes are found at https://bestpractical.com/release-notes/rt/4.4.3
tar xvzf rt-4.4.1.tar.gz -C /tmp
  * extract the sha256sums from the release notes online and add them to a new sha256sum.txt file.
cd /tmp/rt-4.4.1</pre>
<pre>738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1 rt-4.4.3.tar.gz
 
29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f  rt-4.4.3.tar.gz.asc</pre>
# Configure RT:
* confirm the files:
 
<pre>sha256sum -c sha256sum.txt</pre>
  <pre>./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache</pre>
* Confirm the GPG key signatures
 
<pre>gpg rt-4.4.3.tar.gz.asc
# Test the dependencies:
gpg --keyserver keyserver.ubuntu.com --recv-key XXX
 
gpg rt-4.4.3.tar.gz.asc</pre>
  <pre>make testdeps</pre>
* NOTE: identify the RSA key ID from the first and replace XXX with the key (RSA key ID 0xFEAC80B2 as of 11 Feb 19)
 
## Extract the files
# Fix the dependencies:
<pre>tar xvzf rt-4.4.3.tar.gz -C /tmp
 
cd /tmp/rt-4.4.3</pre>
  <pre>make fixdeps</pre>
## Configure RT:
 
<pre>./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache --with-db-type=Pg</pre>
  * NOTE:  You may need to run the command more than once.  On RHEL/CentOS 6.8, you may need to manually force the addition of the GD perl module via <code>cpanm GD --force</code>, as there is a known issue with one of the built in tests for GD.
## Configure RT to use cpanm for fixdeps:
 
<pre>export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm</pre>
# Confirm the dependencies are complete:
## Test the dependencies:
<pre>make testdeps</pre>
  </pre>make testdeps<pre>
## Install the dependencies:
 
<pre>make fixdeps</pre>
  # Install RT (default install is to the /opt/rt4 directory):
* NOTE:  You may need to run the command more than once.
 
  * You may need to force the install of a module to complete the install:
  <pre> make install</pre>
  <pre>cpanm HTTP::Headers::Fast --force</pre>
 
## Confirm dependencies:
=== RT Configuration using Web Interface ===
<pre>make testdeps</pre>
 
## Insert a missing dependency into lib/RT/Interface/Web/Handler.pm:
(!) It is possible to complete this step by editing the RT files directly, and creating the database.  Refer to the RT documentation for manual steps.
  * REF:  https://github.com/bestpractical/rt/commit/e07af30477
 
* Edit the file and insert the RT::ObjectCustomFieldValues at line 61:
  # Run the first run installation instance:
<pre>use RT::Interface::Web::Request;
 
use RT::ObjectCustomFieldValues;
  <pre>/opt/rt4/sbin/rt-server</pre>
use File::Path qw( rmtree );</pre>
 
## Install RT (default install is to the /opt/rt4 directory):
# Configure using the web interface.
<pre> make install</pre>
 
# RT Configuration using Web Interface
  * Access the server using a web browser on the http 80 port.
* (!) It is possible to complete this step by editing the RT files directly, and creating the database.  Refer to the RT documentation for manual steps.
 
## Configure firewalld to open port 80
  * Configure the RT instance using the web interface.  Refer to the RT documentation.
<pre>firewall-cmd --zone=public --add-port=80/tcp --permanent
 
firewall-cmd --reload</pre>
# Shutdown the rt-server instance.
* Note: This is an example only, which provides full access to the http port..  Configure your firewall as per site policies.
 
## Start the first run installation instance:
  * When completed Ctrl-C the rt-server instance started above.
<pre>/opt/rt4/sbin/rt-server</pre>
 
## Configure using the web interface.
=== Configure RT for hostname.domain.name/rt directory ===
* Access the server using a web browser to access the http port.
 
* Configure the RT instance using the web interface.  Refer to the RT documentation.
(!) This is a personal preference.  The web server example below assumes /rt is used.
## Shutdown the rt-server instance.
 
* When completed Ctrl-C the rt-server instance started above.
# Modify /opt/rt4/etc/RT_SiteConfig.pm.  Add the following line:
# Configure web server
 
## Modify /etc/httpd/conf.d/fcgid.conf.  Add:
  <code>'''Set( $WebPath, '/rt' );'''</code>
<code>FcgidMaxRequestLen 1073741824</code>
 
## Create /etc/httpd/conf.d/rt.conf:
=== Configure web server ===
<pre># RT4 configuration for Apache
 
#
# Modify /etc/httpd/conf.d/fcgid.conf.  Add:
# With minor changes, this configuration is based on the original documentation:
# https://docs.bestpractical.com/rt/4.4.2/web_deployment.html
  <code>'''FcgidMaxRequestLen 1073741824'''</code>
#
 
# Create /etc/httpd/conf.d/rt.conf:
 
  <code>'''# RT4 configuration for Apache
 
### Optional apache logs for RT
### Optional apache logs for RT
# Ensure that your log rotation scripts know about these files
# Ensure that your log rotation scripts know about these files
Line 139: Line 122:
AddDefaultCharset UTF-8
AddDefaultCharset UTF-8


Alias /rt/NoAuth/images /opt/rt4/share/html/NoAuth/images/
ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
 
ScriptAlias /rt /opt/rt4/sbin/rt-server.fcgi/


DocumentRoot "/opt/rt4/share/html"
DocumentRoot "/opt/rt4/share/html"


<Location /rt>
<Location />
   # For Centos7/Apache 2.4 this line:
   # For Centos7/Apache 2.4 use this line:
   Require all granted
   Require all granted
   # For Centos6/Apache 2.2 these two lines:
 
   # For Centos6/Apache 2.2 use these two lines:
   # Order allow,deny
   # Order allow,deny
   # Allow from all
   # Allow from all
   Options +ExecCGI
   Options +ExecCGI
   AddHandler fcgid-script fcgi
   AddHandler fcgid-script fcgi
</Location>'''</code>
</Location></pre>
 
## Start apache:
# Start apache:
<pre>systemctl start httpd.service</pre>
 
# Further RT Customization
  <pre>systemctl start httpd.service</pre>
  * These steps are not mandatory, and can be skipped if not desired.
 
## Enable Full Text Indexing
  # Modify firewalld
* This command modifies the database to enable full text indexing
 
* Run:
   * Complete your firewalld configuration to suite your local requirements.
<pre>/opt/rt4/sbin/rt-setup-fulltext-index --no-attachments --dba-password XXX</pre>
  * NOTE:  XXX is the postgres DB user password
  * DB Table:    AttachmentsIndex
  * Column Name:  ContentIndex
  * Index:        GIN
* As the last command will leave the postgres DB password in the command history, clear the relevant history record:
<pre>history
history -d <number></pre>
   * NOTE:  <number> reflects the line number with the --dba-password statement
## Prepare for Offline Attachments
* This enables the migration of embedded attachments from the database to a local filesystem
* Create the directory to store attached files
<pre>mkdir /opt/rt4-atts</pre>
## Modify Site Configuration for fulltext indexing and offline attachments
* Modify <code>/opt/rt4/etc/RT_SiteConfig.pm</code>, inserting the following above the final <code>1;</code> line.
<pre># enable FullTextSearch
Set( %FullTextSearch,
    Enable    => 1,
    Indexed    => 1,
    Column    => 'ContentIndex',
    Table      => 'AttachmentsIndex',
);
# enable external file storage
Set(%ExternalStorage,
    Type => 'Disk',
    Path => '/opt/rt4-atts',
);</pre>
## Create RT crontab entry
*
* Create <code>/etc/cron.d/rt</code> file:
<pre># Request Tracker cron.d/rt file


  (!) NOTE:  Depending on install method, firewalld may not be installed.  You can also stop it for testing with the "systemctl stop firewalld" command.
# For details see man 3 crontabs


  # Access RT
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  | |  |
# *  *  *  *  * user-name command to be executed


  * Connect to RT using your web browser and start your customization.
# Request Tracker crontab entries
  # attachments - daily moving of large attachments from DB to file system
  0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments
  # indexer - daily indexing of db for fulltext search     
  0 0 * * * root /opt/rt4/sbin/rt-fulltext-indexer --quiet
  # email digests - RT4 email digest processes
  0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily
  0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly
  0 * * * * root /opt/rt4/sbin/rt-email-dashboards
  # clean sessions - once a day blow away any open sessions
  0 0 * * * root /opt/rt4/sbin/rt-clean-sessions 6H</pre>
# Installation Complete
## Reboot server to confirm service restart
* It is recommended that you reboot the server to confirm all services restart and provide RT.
## Access RT
* Connect to RT using your web browser and start your site customization.

Latest revision as of 17:26, 11 February 2019

RT 4.4.3 installation on CentOS 7.6.1810

NOTE: Original Document was for CentOS 7.2 and RT 4.4.1 with MySQL. Updated for CentOS 7.6, RT 4.4.3 with PostgreSQL.

CAUTION: Previous versions of this document has been stated that you cannot use this method to install RT 4.4.3 directly - this is corrected with a patch below. Best Practical will be fixing this issue in the 4.4.4 release.

This document provides a quick methodology for installing RT 4.4.3 on CentOS/RHEL 7.6 for an internet-connected server. There is a separate CentOS 6.x install at https://rt-wiki.bestpractical.com/wiki/CentOS6Install.

  1. Assumptions
* Access to the internet and CentOS OS and update repositories is available.
* Installation testing was completed using CentOS 7.6.1810 minimal boot ISO.
* httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment.
* Testing was conducted in both KVM and vSphere environments.
* Note that the EPEL repository is not required for installation on CentOS 7.
  1. OS Installation and Initial Configuration
* (!) It is possible to automate the majority of this section using kickstart files.
    1. Install OS.
* Install the OS from ISO or PXE boot using your normal methodology.
    1. Install prerequisites for RT from OS repository.
yum install expat gd graphviz openssl expat-devel gd-devel graphviz-devel  openssl-devel perl perl-CPAN wget screen mod_fcgid postgresql-server postgresql-devel
yum groupinstall "Development Tools" "Web Server"
* NOTE: We use PostgreSQL as the DB which allows us to enable full text search. (This is a change from the previous version of the document which used MySQL/MariaDB.)
    1. Patch OS
yum update
    1. Disable selinux, by editing /etc/sysconfig/selinux:

SELINUX=disabled

* reboot the OS
    1. Initialize the database:
postgresql-setup initdb
    1. Adjust local services:
systemctl enable postgresql.service
systemctl enable httpd.service
systemctl start postgresql.service
systemctl stop httpd.service
* NOTE:  httpd service needs to be stopped to allow RT web based configuration later.
  1. Configure Supporting Software
    1. Configure postgres user password for postgresql, where 'xxx' is the 'password':
sudo -u postgres psql
  ALTER USER postgres PASSWORD 'xxx';
  \q
* NOTE:  This step configures the internal DB postgres password for the local instance of postgresql
    1. Reconfigure postgres local user access

Configure PostgreSQL to use md5 passwords (needed for RT). Edit /var/lib/pgsql/data/pg_hba.conf and modify the following line from peer to md5:

# "local" is for Unix domain socket connections only
#local   all         all                               peer
local   all         all                               md5
    1. Restart postgres server
systemctl restart postgresql.service
    1. Install CPAN minus.
curl -L http://cpanmin.us | perl - --sudo App::cpanminus
  1. RT Dependencies and Installation
    1. Get RT
mkdir rt
cd rt
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz.asc
    1. Verify downloads
* NOTE: Release notes are found at https://bestpractical.com/release-notes/rt/4.4.3
* extract the sha256sums from the release notes online and add them to a new sha256sum.txt file.
738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1  rt-4.4.3.tar.gz
29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f  rt-4.4.3.tar.gz.asc
* confirm the files:
sha256sum -c sha256sum.txt
* Confirm the GPG key signatures
gpg rt-4.4.3.tar.gz.asc
gpg --keyserver keyserver.ubuntu.com --recv-key XXX
gpg rt-4.4.3.tar.gz.asc
* NOTE: identify the RSA key ID from the first and replace XXX with the key (RSA key ID 0xFEAC80B2 as of 11 Feb 19)
    1. Extract the files
tar xvzf rt-4.4.3.tar.gz -C /tmp
cd /tmp/rt-4.4.3
    1. Configure RT:
./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache --with-db-type=Pg
    1. Configure RT to use cpanm for fixdeps:
export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm
    1. Test the dependencies:
make testdeps
    1. Install the dependencies:
make fixdeps
* NOTE:  You may need to run the command more than once.
* You may need to force the install of a module to complete the install:
cpanm HTTP::Headers::Fast --force
    1. Confirm dependencies:
make testdeps
    1. Insert a missing dependency into lib/RT/Interface/Web/Handler.pm:
* REF:  https://github.com/bestpractical/rt/commit/e07af30477
* Edit the file and insert the RT::ObjectCustomFieldValues at line 61:
use RT::Interface::Web::Request;
use RT::ObjectCustomFieldValues;
use File::Path qw( rmtree );
    1. Install RT (default install is to the /opt/rt4 directory):
 make install
  1. RT Configuration using Web Interface
* (!) It is possible to complete this step by editing the RT files directly, and creating the database.  Refer to the RT documentation for manual steps.
    1. Configure firewalld to open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
* Note:  This is an example only, which provides full access to the http port..  Configure your firewall as per site policies.
    1. Start the first run installation instance:
/opt/rt4/sbin/rt-server
    1. Configure using the web interface.
* Access the server using a web browser to access the http port.
* Configure the RT instance using the web interface.  Refer to the RT documentation.
    1. Shutdown the rt-server instance.
* When completed Ctrl-C the rt-server instance started above.
  1. Configure web server
    1. Modify /etc/httpd/conf.d/fcgid.conf. Add:

FcgidMaxRequestLen 1073741824

    1. Create /etc/httpd/conf.d/rt.conf:
# RT4 configuration for Apache
#
# With minor changes, this configuration is based on the original documentation:
# https://docs.bestpractical.com/rt/4.4.2/web_deployment.html
#
### Optional apache logs for RT
# Ensure that your log rotation scripts know about these files
# ErrorLog /opt/rt4/var/log/apache2.error
# TransferLog /opt/rt4/var/log/apache2.access
# LogLevel debug

AddDefaultCharset UTF-8

ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

DocumentRoot "/opt/rt4/share/html"

<Location />
  # For Centos7/Apache 2.4 use this line:
  Require all granted

  # For Centos6/Apache 2.2 use these two lines:
  # Order allow,deny
  # Allow from all

  Options +ExecCGI
  AddHandler fcgid-script fcgi
</Location>
    1. Start apache:
systemctl start httpd.service
  1. Further RT Customization
* These steps are not mandatory, and can be skipped if not desired.
    1. Enable Full Text Indexing
* This command modifies the database to enable full text indexing
* Run:
/opt/rt4/sbin/rt-setup-fulltext-index --no-attachments --dba-password XXX
  * NOTE:  XXX is the postgres DB user password
  * DB Table:     AttachmentsIndex
  * Column Name:  ContentIndex
  * Index:        GIN
* As the last command will leave the postgres DB password in the command history, clear the relevant history record:
history
history -d <number>
  * NOTE:  <number> reflects the line number with the --dba-password statement
    1. Prepare for Offline Attachments
* This enables the migration of embedded attachments from the database to a local filesystem
* Create the directory to store attached files
mkdir /opt/rt4-atts
    1. Modify Site Configuration for fulltext indexing and offline attachments
* Modify /opt/rt4/etc/RT_SiteConfig.pm, inserting the following above the final 1; line.
# enable FullTextSearch
Set( %FullTextSearch,
    Enable     => 1,
    Indexed    => 1,
    Column     => 'ContentIndex',
    Table      => 'AttachmentsIndex',
);
# enable external file storage
Set(%ExternalStorage,
    Type => 'Disk',
    Path => '/opt/rt4-atts',
);
    1. Create RT crontab entry
* 
* Create /etc/cron.d/rt file:
# Request Tracker cron.d/rt file

# For details see man 3 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

# Request Tracker crontab entries
  # attachments - daily moving of large attachments from DB to file system
  0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments
  # indexer - daily indexing of db for fulltext search      
  0 0 * * * root /opt/rt4/sbin/rt-fulltext-indexer --quiet
  # email digests - RT4 email digest processes
  0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily
  0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly
  0 * * * * root /opt/rt4/sbin/rt-email-dashboards
  # clean sessions - once a day blow away any open sessions 
  0 0 * * * root /opt/rt4/sbin/rt-clean-sessions 6H
  1. Installation Complete
    1. Reboot server to confirm service restart
* It is recommended that you reboot the server to confirm all services restart and provide RT.
    1. Access RT
* Connect to RT using your web browser and start your site customization.