CentOS7Install: Difference between revisions
mNo edit summary |
|||
(32 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
== RT 4.4. | == RT 4.4.3 installation on CentOS 7.6.1810 == | ||
NOTE: Original Document was for CentOS 7.2 and RT 4.4.1 with MySQL. Updated for CentOS 7.6, RT 4.4.3 with PostgreSQL. | |||
CAUTION: Previous versions of this document has been stated that you cannot use this method to install RT 4.4.3 directly - this is corrected with a patch below. Best Practical will be fixing this issue in the 4.4.4 release. | |||
-- | This document provides a quick methodology for installing RT 4.4.3 on CentOS/RHEL 7.6 for an internet-connected server. There is a separate CentOS 6.x install at https://rt-wiki.bestpractical.com/wiki/CentOS6Install. | ||
# Assumptions | |||
* Access to the internet and CentOS OS and update repositories is available. | |||
* Installation testing was completed using CentOS 7.6.1810 minimal boot ISO. | |||
* httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment. | |||
* Testing was conducted in both KVM and vSphere environments. | |||
* Note that the EPEL repository is not required for installation on CentOS 7. | |||
# OS Installation and Initial Configuration | |||
* (!) It is possible to automate the majority of this section using kickstart files. | |||
(!) It is possible to automate the majority of this section using kickstart files. | ## Install OS. | ||
* Install the OS from ISO or PXE boot using your normal methodology. | |||
# Install OS. Install the OS from ISO or PXE boot using your normal methodology. | ## Install prerequisites for RT from OS repository. | ||
<pre>yum install expat gd graphviz openssl expat-devel gd-devel graphviz-devel openssl-devel perl perl-CPAN wget screen mod_fcgid postgresql-server postgresql-devel | |||
# Install prerequisites for RT from OS repository. | |||
<pre>yum install expat gd graphviz | |||
yum groupinstall "Development Tools" "Web Server"</pre> | yum groupinstall "Development Tools" "Web Server"</pre> | ||
* NOTE: We use PostgreSQL as the DB which allows us to enable full text search. (This is a change from the previous version of the document which used MySQL/MariaDB.) | |||
* NOTE: | ## Patch OS | ||
<pre>yum update</pre> | |||
# Patch OS | ## Disable selinux, by editing /etc/sysconfig/selinux: | ||
<code>SELINUX=disabled</code> | |||
<pre>yum update | * reboot the OS | ||
## Initialize the database: | |||
<pre>postgresql-setup initdb</pre> | |||
## Adjust local services: | |||
<pre>systemctl enable postgresql.service | |||
# Disable selinux, by editing /etc/sysconfig/selinux: | |||
* reboot the OS | |||
# Adjust local services: | |||
<pre>systemctl enable | |||
systemctl enable httpd.service | systemctl enable httpd.service | ||
systemctl start | systemctl start postgresql.service | ||
systemctl stop httpd.service</pre> | systemctl stop httpd.service</pre> | ||
* NOTE: httpd service needs to be stopped to allow RT web based configuration later. | |||
* NOTE: httpd service needs to be stopped to allow RT web based configuration later. | # Configure Supporting Software | ||
## Configure postgres user password for postgresql, where 'xxx' is the 'password': | |||
<pre>sudo -u postgres psql | |||
ALTER USER postgres PASSWORD 'xxx'; | |||
# Configure | \q</pre> | ||
* NOTE: This step configures the internal DB postgres password for the local instance of postgresql | |||
<pre> | ## Reconfigure postgres local user access | ||
Configure PostgreSQL to use md5 passwords (needed for RT). Edit /var/lib/pgsql/data/pg_hba.conf and modify the following line from peer to md5: | |||
* NOTE: | <pre># "local" is for Unix domain socket connections only | ||
#local all all peer | |||
# Install CPAN minus. | local all all md5</pre> | ||
## Restart postgres server | |||
<pre>systemctl restart postgresql.service</pre> | |||
## Install CPAN minus. | |||
<pre>curl -L http://cpanmin.us | perl - --sudo App::cpanminus</pre> | <pre>curl -L http://cpanmin.us | perl - --sudo App::cpanminus</pre> | ||
# RT Dependencies and Installation | |||
# Configure RT to use cpanm for fixdeps: | ## Get RT | ||
<pre>mkdir rt | |||
cd rt | |||
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz | |||
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz.asc</pre> | |||
## Verify downloads | |||
* NOTE: Release notes are found at https://bestpractical.com/release-notes/rt/4.4.3 | |||
* extract the sha256sums from the release notes online and add them to a new sha256sum.txt file. | |||
<pre>738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1 rt-4.4.3.tar.gz | |||
29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f rt-4.4.3.tar.gz.asc</pre> | |||
* confirm the files: | |||
<pre>sha256sum -c sha256sum.txt</pre> | |||
* Confirm the GPG key signatures | |||
<pre>gpg rt-4.4.3.tar.gz.asc | |||
gpg --keyserver keyserver.ubuntu.com --recv-key XXX | |||
gpg rt-4.4.3.tar.gz.asc</pre> | |||
* NOTE: identify the RSA key ID from the first and replace XXX with the key (RSA key ID 0xFEAC80B2 as of 11 Feb 19) | |||
## Extract the files | |||
<pre>tar xvzf rt-4.4.3.tar.gz -C /tmp | |||
cd /tmp/rt-4.4.3</pre> | |||
## Configure RT: | |||
<pre>./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache --with-db-type=Pg</pre> | |||
## Configure RT to use cpanm for fixdeps: | |||
<pre>export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm</pre> | <pre>export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm</pre> | ||
## Test the dependencies: | |||
# | |||
# Test the dependencies: | |||
<pre>make testdeps</pre> | <pre>make testdeps</pre> | ||
## Install the dependencies: | |||
# | |||
<pre>make fixdeps</pre> | <pre>make fixdeps</pre> | ||
* NOTE: You may need to run the command more than once. | |||
* NOTE: You may need to run the command more than once. | * You may need to force the install of a module to complete the install: | ||
<pre>cpanm HTTP::Headers::Fast --force</pre> | |||
# Confirm | ## Confirm dependencies: | ||
<pre>make testdeps</pre> | |||
< | ## Insert a missing dependency into lib/RT/Interface/Web/Handler.pm: | ||
* REF: https://github.com/bestpractical/rt/commit/e07af30477 | |||
# Install RT (default install is to the /opt/rt4 directory): | * Edit the file and insert the RT::ObjectCustomFieldValues at line 61: | ||
<pre>use RT::Interface::Web::Request; | |||
use RT::ObjectCustomFieldValues; | |||
use File::Path qw( rmtree );</pre> | |||
## Install RT (default install is to the /opt/rt4 directory): | |||
<pre> make install</pre> | <pre> make install</pre> | ||
# RT Configuration using Web Interface | |||
* (!) It is possible to complete this step by editing the RT files directly, and creating the database. Refer to the RT documentation for manual steps. | |||
## Configure firewalld to open port 80 | |||
(!) It is possible to complete this step by editing the RT files directly, and creating the database. Refer to the RT documentation for manual steps. | <pre>firewall-cmd --zone=public --add-port=80/tcp --permanent | ||
firewall-cmd --reload</pre> | |||
# | * Note: This is an example only, which provides full access to the http port.. Configure your firewall as per site policies. | ||
## Start the first run installation instance: | |||
<pre>/opt/rt4/sbin/rt-server</pre> | <pre>/opt/rt4/sbin/rt-server</pre> | ||
## Configure using the web interface. | |||
* Access the server using a web browser to access the http port. | |||
* Configure the RT instance using the web interface. Refer to the RT documentation. | |||
## Shutdown the rt-server instance. | |||
* When completed Ctrl-C the rt-server instance started above. | |||
# Configure web server | |||
## Modify /etc/httpd/conf.d/fcgid.conf. Add: | |||
<code>FcgidMaxRequestLen 1073741824</code> | |||
## Create /etc/httpd/conf.d/rt.conf: | |||
<pre># RT4 configuration for Apache | |||
# | |||
# With minor changes, this configuration is based on the original documentation: | |||
# https://docs.bestpractical.com/rt/4.4.2/web_deployment.html | |||
# | |||
### Optional apache logs for RT | |||
# Ensure that your log rotation scripts know about these files | |||
# ErrorLog /opt/rt4/var/log/apache2.error | |||
# TransferLog /opt/rt4/var/log/apache2.access | |||
# LogLevel debug | |||
AddDefaultCharset UTF-8 | |||
ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/ | |||
DocumentRoot "/opt/rt4/share/html" | |||
<Location /> | |||
# For Centos7/Apache 2.4 use this line: | |||
Require all granted | |||
# For Centos6/Apache 2.2 use these two lines: | |||
# Order allow,deny | |||
# Allow from all | |||
Options +ExecCGI | |||
AddHandler fcgid-script fcgi | |||
</Location></pre> | |||
## Start apache: | |||
<pre>systemctl start httpd.service</pre> | <pre>systemctl start httpd.service</pre> | ||
# Further RT Customization | |||
* These steps are not mandatory, and can be skipped if not desired. | |||
## Enable Full Text Indexing | |||
* This command modifies the database to enable full text indexing | |||
* Run: | |||
<pre>/opt/rt4/sbin/rt-setup-fulltext-index --no-attachments --dba-password XXX</pre> | |||
* NOTE: XXX is the postgres DB user password | |||
* DB Table: AttachmentsIndex | |||
* Column Name: ContentIndex | |||
* Index: GIN | |||
* As the last command will leave the postgres DB password in the command history, clear the relevant history record: | |||
<pre>history | |||
history -d <number></pre> | |||
* NOTE: <number> reflects the line number with the --dba-password statement | |||
## Prepare for Offline Attachments | |||
* This enables the migration of embedded attachments from the database to a local filesystem | |||
* Create the directory to store attached files | |||
<pre>mkdir /opt/rt4-atts</pre> | |||
## Modify Site Configuration for fulltext indexing and offline attachments | |||
* Modify <code>/opt/rt4/etc/RT_SiteConfig.pm</code>, inserting the following above the final <code>1;</code> line. | |||
<pre># enable FullTextSearch | |||
Set( %FullTextSearch, | |||
Enable => 1, | |||
Indexed => 1, | |||
Column => 'ContentIndex', | |||
Table => 'AttachmentsIndex', | |||
); | |||
# enable external file storage | |||
Set(%ExternalStorage, | |||
Type => 'Disk', | |||
Path => '/opt/rt4-atts', | |||
);</pre> | |||
## Create RT crontab entry | |||
* | |||
* Create <code>/etc/cron.d/rt</code> file: | |||
<pre># Request Tracker cron.d/rt file | |||
# | # For details see man 3 crontabs | ||
# | # Example of job definition: | ||
# .---------------- minute (0 - 59) | |||
# | .------------- hour (0 - 23) | |||
# | | .---------- day of month (1 - 31) | |||
# | | | .------- month (1 - 12) OR jan,feb,mar,apr ... | |||
# | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat | |||
# | | | | | | |||
# * * * * * user-name command to be executed | |||
* Connect to RT using your web browser and start your customization. | # Request Tracker crontab entries | ||
# attachments - daily moving of large attachments from DB to file system | |||
0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments | |||
# indexer - daily indexing of db for fulltext search | |||
0 0 * * * root /opt/rt4/sbin/rt-fulltext-indexer --quiet | |||
# email digests - RT4 email digest processes | |||
0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily | |||
0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly | |||
0 * * * * root /opt/rt4/sbin/rt-email-dashboards | |||
# clean sessions - once a day blow away any open sessions | |||
0 0 * * * root /opt/rt4/sbin/rt-clean-sessions 6H</pre> | |||
# Installation Complete | |||
## Reboot server to confirm service restart | |||
* It is recommended that you reboot the server to confirm all services restart and provide RT. | |||
## Access RT | |||
* Connect to RT using your web browser and start your site customization. |
Latest revision as of 17:26, 11 February 2019
RT 4.4.3 installation on CentOS 7.6.1810
NOTE: Original Document was for CentOS 7.2 and RT 4.4.1 with MySQL. Updated for CentOS 7.6, RT 4.4.3 with PostgreSQL.
CAUTION: Previous versions of this document has been stated that you cannot use this method to install RT 4.4.3 directly - this is corrected with a patch below. Best Practical will be fixing this issue in the 4.4.4 release.
This document provides a quick methodology for installing RT 4.4.3 on CentOS/RHEL 7.6 for an internet-connected server. There is a separate CentOS 6.x install at https://rt-wiki.bestpractical.com/wiki/CentOS6Install.
- Assumptions
* Access to the internet and CentOS OS and update repositories is available. * Installation testing was completed using CentOS 7.6.1810 minimal boot ISO. * httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment. * Testing was conducted in both KVM and vSphere environments. * Note that the EPEL repository is not required for installation on CentOS 7.
- OS Installation and Initial Configuration
* (!) It is possible to automate the majority of this section using kickstart files.
- Install OS.
* Install the OS from ISO or PXE boot using your normal methodology.
- Install prerequisites for RT from OS repository.
yum install expat gd graphviz openssl expat-devel gd-devel graphviz-devel openssl-devel perl perl-CPAN wget screen mod_fcgid postgresql-server postgresql-devel yum groupinstall "Development Tools" "Web Server"
* NOTE: We use PostgreSQL as the DB which allows us to enable full text search. (This is a change from the previous version of the document which used MySQL/MariaDB.)
- Patch OS
yum update
- Disable selinux, by editing /etc/sysconfig/selinux:
SELINUX=disabled
* reboot the OS
- Initialize the database:
postgresql-setup initdb
- Adjust local services:
systemctl enable postgresql.service systemctl enable httpd.service systemctl start postgresql.service systemctl stop httpd.service
* NOTE: httpd service needs to be stopped to allow RT web based configuration later.
- Configure Supporting Software
- Configure postgres user password for postgresql, where 'xxx' is the 'password':
sudo -u postgres psql ALTER USER postgres PASSWORD 'xxx'; \q
* NOTE: This step configures the internal DB postgres password for the local instance of postgresql
- Reconfigure postgres local user access
Configure PostgreSQL to use md5 passwords (needed for RT). Edit /var/lib/pgsql/data/pg_hba.conf and modify the following line from peer to md5:
# "local" is for Unix domain socket connections only #local all all peer local all all md5
- Restart postgres server
systemctl restart postgresql.service
- Install CPAN minus.
curl -L http://cpanmin.us | perl - --sudo App::cpanminus
- RT Dependencies and Installation
- Get RT
mkdir rt cd rt wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz.asc
- Verify downloads
* NOTE: Release notes are found at https://bestpractical.com/release-notes/rt/4.4.3 * extract the sha256sums from the release notes online and add them to a new sha256sum.txt file.
738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1 rt-4.4.3.tar.gz 29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f rt-4.4.3.tar.gz.asc
* confirm the files:
sha256sum -c sha256sum.txt
* Confirm the GPG key signatures
gpg rt-4.4.3.tar.gz.asc gpg --keyserver keyserver.ubuntu.com --recv-key XXX gpg rt-4.4.3.tar.gz.asc
* NOTE: identify the RSA key ID from the first and replace XXX with the key (RSA key ID 0xFEAC80B2 as of 11 Feb 19)
- Extract the files
tar xvzf rt-4.4.3.tar.gz -C /tmp cd /tmp/rt-4.4.3
- Configure RT:
./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache --with-db-type=Pg
- Configure RT to use cpanm for fixdeps:
export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm
- Test the dependencies:
make testdeps
- Install the dependencies:
make fixdeps
* NOTE: You may need to run the command more than once. * You may need to force the install of a module to complete the install:
cpanm HTTP::Headers::Fast --force
- Confirm dependencies:
make testdeps
- Insert a missing dependency into lib/RT/Interface/Web/Handler.pm:
* REF: https://github.com/bestpractical/rt/commit/e07af30477 * Edit the file and insert the RT::ObjectCustomFieldValues at line 61:
use RT::Interface::Web::Request; use RT::ObjectCustomFieldValues; use File::Path qw( rmtree );
- Install RT (default install is to the /opt/rt4 directory):
make install
- RT Configuration using Web Interface
* (!) It is possible to complete this step by editing the RT files directly, and creating the database. Refer to the RT documentation for manual steps.
- Configure firewalld to open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent firewall-cmd --reload
* Note: This is an example only, which provides full access to the http port.. Configure your firewall as per site policies.
- Start the first run installation instance:
/opt/rt4/sbin/rt-server
- Configure using the web interface.
* Access the server using a web browser to access the http port. * Configure the RT instance using the web interface. Refer to the RT documentation.
- Shutdown the rt-server instance.
* When completed Ctrl-C the rt-server instance started above.
- Configure web server
- Modify /etc/httpd/conf.d/fcgid.conf. Add:
FcgidMaxRequestLen 1073741824
- Create /etc/httpd/conf.d/rt.conf:
# RT4 configuration for Apache # # With minor changes, this configuration is based on the original documentation: # https://docs.bestpractical.com/rt/4.4.2/web_deployment.html # ### Optional apache logs for RT # Ensure that your log rotation scripts know about these files # ErrorLog /opt/rt4/var/log/apache2.error # TransferLog /opt/rt4/var/log/apache2.access # LogLevel debug AddDefaultCharset UTF-8 ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/ DocumentRoot "/opt/rt4/share/html" <Location /> # For Centos7/Apache 2.4 use this line: Require all granted # For Centos6/Apache 2.2 use these two lines: # Order allow,deny # Allow from all Options +ExecCGI AddHandler fcgid-script fcgi </Location>
- Start apache:
systemctl start httpd.service
- Further RT Customization
* These steps are not mandatory, and can be skipped if not desired.
- Enable Full Text Indexing
* This command modifies the database to enable full text indexing * Run:
/opt/rt4/sbin/rt-setup-fulltext-index --no-attachments --dba-password XXX
* NOTE: XXX is the postgres DB user password * DB Table: AttachmentsIndex * Column Name: ContentIndex * Index: GIN * As the last command will leave the postgres DB password in the command history, clear the relevant history record:
history history -d <number>
* NOTE: <number> reflects the line number with the --dba-password statement
- Prepare for Offline Attachments
* This enables the migration of embedded attachments from the database to a local filesystem * Create the directory to store attached files
mkdir /opt/rt4-atts
- Modify Site Configuration for fulltext indexing and offline attachments
* Modify/opt/rt4/etc/RT_SiteConfig.pm
, inserting the following above the final1;
line.
# enable FullTextSearch Set( %FullTextSearch, Enable => 1, Indexed => 1, Column => 'ContentIndex', Table => 'AttachmentsIndex', ); # enable external file storage Set(%ExternalStorage, Type => 'Disk', Path => '/opt/rt4-atts', );
- Create RT crontab entry
*
* Create /etc/cron.d/rt
file:
# Request Tracker cron.d/rt file # For details see man 3 crontabs # Example of job definition: # .---------------- minute (0 - 59) # | .------------- hour (0 - 23) # | | .---------- day of month (1 - 31) # | | | .------- month (1 - 12) OR jan,feb,mar,apr ... # | | | | .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat # | | | | | # * * * * * user-name command to be executed # Request Tracker crontab entries # attachments - daily moving of large attachments from DB to file system 0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments # indexer - daily indexing of db for fulltext search 0 0 * * * root /opt/rt4/sbin/rt-fulltext-indexer --quiet # email digests - RT4 email digest processes 0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily 0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly 0 * * * * root /opt/rt4/sbin/rt-email-dashboards # clean sessions - once a day blow away any open sessions 0 0 * * * root /opt/rt4/sbin/rt-clean-sessions 6H
- Installation Complete
- Reboot server to confirm service restart
* It is recommended that you reboot the server to confirm all services restart and provide RT.
- Access RT
* Connect to RT using your web browser and start your site customization.