Ubuntu 8.04.1

From Request Tracker Wiki
Jump to navigation Jump to search


Unofficial Installation Guide

This is an unofficial installation guide. It may be outdated or apply only to very specific configurations and versions. The official and maintained installation steps for RT are in the README and UPGRADING documents included in the official .tar.gz packages.




This page 'Ubuntu 8.04.1' is tagged as OUTDATED
This page contains out of date and possibly misleading information or instructions such as installation methods or configuration examples that no longer apply. Please consider this warning when reading the page below.
If you have checked or updated this page and found the content to be suitable, please remove this notice by editing the page and remove the Outdated template tag.



Ubuntu 8.04.1 with RT 3.8.1 and LDAP with postfix as MTA working.

This is our First run to get RT 3.8.1 up and running on an Ubuntu 8.04.1 box. Please feel free to update and edit with more accurate information.

Download and unpack required files

After booting the Vmware Image and logging in as root, download and unpack the following package:

wget http://download.bestpractical.com/pub/rt/release/rt-3.8.1.tar.gz
tar -xvzf rt-3.8.1.tar.gz

After unpacking RT, run the following command in the newly created /rt-3.8.1 directory:

./configure

<!--Note that using rt.tar.gz instead of rt-3.8.1.tar.gz will download the latest version of RT, but this may mean changes in installation procedure.-->

Dependency installation

RT makes use of many CPAN modules and components external to the distributed package, and these must all be installed before installing RT. Note that these commands are run from the RT installation directory.

Note: if this is a fresh build of Ubuntu, it may not have unzip installed, at which point CPAN will not be properly configured and will fail the dependencies if any CPAN modules require unzip for extraction. You can test if you have unzip installed by running 'whereis unzip' from the shell prompt. If you've already completed the CPAN preferences, you can edit your myConfig.pm in your .cpan directory in your home directory.

Also, it's recommended that you run make as sudo command as some dependencies require elevated permissions to install.

First of all, check for already installed dependencies:

make testdeps

If there are unsatisfied dependencies, you will see complaints like "such-and-such not installed". To fix dependencies:

make fixdeps

Alternately, you can install missing items by hand. This is useful when 'make fixdeps' doesn't work, which can happen from time to time.

For example:
perl -MCPAN -e 'install DBD::mysql'
would install DBD::mysql.

Re-check to make sure everything was installed properly:

make testdeps

Create rt group == <!-- I don't know if this is needed, double check-->

Create a new Unix group called 'rt':

groupadd rt

Install

from within the rt build directory, type:

make install

Post install Procedures

After RT has been successfully installed, a directory will have been created at /opt/rt3. There are several post installation procedures that need to take place before RT will function normally, however.

Replace RT_SiteConfig.pm

Make a copy of the default RT_SiteConfig.pm:

cp /opt/rt3/etc/RT_SiteConfig.pm RT_SiteConfig.old

Then replace the default RT_SiteConfig.pm with our pre-configured RT_SiteConfig.pm file:


Set($WebBaseURL,'http://help.example.com'); Set($WebPath,''); Set($DatabaseName , 'rt3'); Set($DatabaseType , 'mysql'); Set($DatabaseUser, "root"); Set($DatabasePassword , 'pass'); Set($rtname,'Ticket'); Set($Organization, 'example.com'); #Set(@Plugins,(qw(Extension::QuickDelete))); #Set(@Plugins,(qw(RT::FM))); #Set(@Plugins,(qw(RT::Authen::ExternalAuth))); Set($LogToFileNamed , "rt.log"); Set($LogToFile , 'debug');

Set($CorrespondAddress , 'support@example.com'); Set($CommentAddress , 'support-comment@example.com');

  1. $MailCommand = 'sendmailpipe'; #$SendmailArguments = "-oi -t"; #$SendmailPath = "/usr/sbin/sendmail";

Set($MailCommand , 'sendmail'); Set($SendmailArguments , "-bm -- support@help.example.com"); Set($SendmailPath, "/usr/sbin/exim4"); Set($NotifyActor, 1);

Set($Timezone , 'US/Pacific');

$WebURL = $WebBaseURL . $WebPath . "/";

  1. Set($WebExternalAuth , 1); #Set($WebFallbackToInternalAuth , true); #Set($WebExternalAuto , 1);
# The order in which the services defined in ExternalSettings
   # should be used to get information about users. This includes
   # RealName, Tel numbers etc, but also whether or not the user
   # should be considered disabled.
   # Once user info is found, no more services are checked.
   Set($ExternalInfoPriority, [
   'My_LDAP'
   ]
   );
   
   # If this is set to true, then the relevant packages will
   # be loaded to use SSL/TLS connections. At the moment,
   # this just means "use Net::SSLeay;"
   Set($ExternalServiceUsesSSLorTLS, 0);
   
   # If this is set to 1, then users should be autocreated by RT
   # as internal users if they fail to authenticate from an
   # external service.
   Set($AutoCreateNonExternalUsers, 1);
   
   # These are the full settings for each external service as a HashOfHashes
   # Note that you may have as many external services as you wish. They will
   # be checked in the order specified in the Priority directives above.
   # e.g.
   #
   Set($ExternalAuthPriority,['My_LDAP']);
   #
   Set($ExternalSettings, {
   # AN EXAMPLE LDAP SERVICE
   'My_LDAP' => { ## GENERIC SECTION
   # The type of service (db/ldap/cookie)
   'type' => 'ldap',
   # Should the service be used for authentication?
   'auth' => 1,
   # Should the service be used for information?
   'info' => 1,
   # The server hosting the service
   'server' => 'example.com',
   ## SERVICE-SPECIFIC SECTION
   # If you can bind to your LDAP server anonymously youshould
   # remove the user and pass config lines, otherwisespecify them here:
   #
   # The username RT should use to connect to the LDAP server
   

replace (user) with the user you want to bind with

'user' => 'CN=(user),CN=Users,DC=example,DC=com',
   # The password RT should use to connect to the LDAP server
   'pass' => 'password',
   #
   # The LDAP search base
   'base' => 'dc=example,dc=com',
   # The filter to use to match RT-Users
   'filter' => '(objectclass=Person)',
   # The filter that will only match disabled users
   # 'd_filter' => '(serAccountControl:1.2.840.113556.1.4.803:=2)',
   'd_filter' => '(&(objectCategory=person)(objectClass=user)
   (userAccountControl:1.2.840.113556.1.4.803:=2))',
   # Should we try to use TLS to encrypt connections?
   'tls' => 0,
   # What other args should I pass to Net::LDAP->new($host,@args)?
   'net_ldap_args' => [ version => 3 ],
   # Does authentication depend on group membership? What group name?
   'group' => '',
   # What is the attribute for the group object thatdetermines membership?
   'group_attr' => '',
   ## RT ATTRIBUTE MATCHING SECTION
   # The list of RT attributes that uniquely identify a user
   'attr_match_list' => [ 'Name',
   'EmailAddress',
   'RealName',
   'WorkPhone',
   'Address2'
   ],
   # The mapping of RT attributes on to LDAP attributes
   'attr_map' => { 'Name' => 'sAMAccountName',
   'EmailAddress' => 'mail',
   'Organization' => 'physicalDeliveryOfficeName',
   'RealName' => 'cn',
   'ExternalAuthId' => 'sAMAccountName',
   'Gecos' => 'sAMAccountName',
   'WorkPhone' => 'telephoneNumber',
   'Address1' => 'streetAddress',
   'City' => 'l',
   'State' => 'st',
   'Zip' => 'postalCode',
   'Country' => 'co'
   }
   }
   }
   );
   1;
   

Replace 000_default file

Make a copy of the default '000_default' file:

cp /etc/apache2/sites-enabled/000_default 000_default.old

Then replace the default '000_default' with our pre-configured '000_default' file:


NameVirtualHost * 
<VirtualHost *> 
    ServerName help.com 
    #ServerAdmin webmaster@help.com 
       DocumentRoot /opt/rt3/share/html 
    AddDefaultCharset UTF-8 
    PerlModule Apache::DBI 
    PerlRequire /opt/rt3/bin/webmux.pl

<Directory /> 
    Options FollowSymLinks 
    AllowOverride None 
</Directory> 

<Directory /opt/rt3/share/html> 
    Options Indexes FollowSymLinks MultiViews 
    AllowOverride None Order allow,deny allow from all 
    SetHandler perl-script 
       PerlResponseHandler RT::Mason
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/ 

<Directory "/usr/lib/cgi-bin"> 
    AllowOverride None 
    Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch 
    Order allow,deny 
    Allow from all 
</Directory>

ErrorLog /var/log/apache2/error.log
  1. Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn

CustomLog /var/log/apache2/access.log combined ServerSignature On

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order deny,allow
    Deny from all
    Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

</VirtualHost>


Initialize Database

After installing RT and replacing the RT_SiteConfig.pm file, and while still in the RT installation directory:

make initialize-database

Create Database User

After the database is initialized, You will need to create the database user and give it rights:

mysql -p 'password'
GRANT ALL PRIVILEGES ON rt3.* TO 'rt_user'@'localhost' IDENTIFIED BY 'rt_pass';
quit

Drop DB if something goes wrong

If the make initialize-database fails, type:

make dropdb<!-- This needs to be expanded upon.  What causes problems and how to fix those problems"-->

Download/Install RT-Authen-ExternalAuth

After finishing the RT installation and configuration, we will need to install the LDAP plugin for RT in order to use RT with Active Directory credentials. Download and unpack the following file:

wget http://www.cpan.org/authors/id/F/FA/FALCONE/RT-Authen-ExternalAuth-0.06_02.tar.gz

Then, from the newly unpacked RT-Authen-ExternalAuth-0.06.02 directory, run:

perl Makefile.PL
make
make install

Configure Postfix and RT Mail

links I used: http://linuxnet.ca/postfix/dedicated_transport.html http://wiki.zimbra.com/index.php?title=Configuring_Postfix_to_work_with_piped_scripts

Configuration main.cf for postfix /etc/postfix/main.cf


  1. See /usr/share/postfix/main.cf.dist for a commented, more complete version
  1. Debian specific: Specifying a file name will cause the first # line of that file to be used as the name. The Debian default # is /etc/mailname. #myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu) biff = no

  1. appending .domain is the MUA's job. append_dot_mydomain = no
  1. Uncomment the next line to generate "delayed mail" warnings #delay_warning_time = 4h

readme_directory = no

  1. TLS parameters smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key smtpd_use_tls=yes smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
  1. See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for # information on enabling SSL in the smtp client.

myhostname = help.help.com alias_maps = hash:/etc/aliases alias_database = hash:/etc/aliases myorigin = /etc/mailname mydestination = example.com , localhost relayhost = mynetworks = 127.0.0.0/8 mailbox_size_limit = 0 recipient_delimiter = + inet_interfaces = all virtual_alias_maps = hash:/etc/postfix/transport inet_protocols = all


Configuration for master.cf for postfix /etc/postfix/makster Added These lines


  1. rt rt-pipe unix - n n - - pipe
flags= user=support argv=/opt/rt3/bin/rt-mailgate --queue general --action correspond --url http://help.help.com/

rt-comment-pipe unix - n n - - pipe

flags= user=support argv=/opt/rt3/bin/rt-mailgate --queue general --action comment --url https://help.help.com/

Configuration of /etc/postfix/transport/


  1. Pipe transports for RT queues # YOU HAVE TO ADD THE PIPES TO /opt/zimbra/postfix/conf/master.cf if you want them to work!!! rt@help.help.com rt-pipe rt-comment@help.help.com rt-comment-pipe

Note: Make sure you run the db configure for the transport file after you edit it:

postmap /etc/postfix/transport

Steps for integrating RT

'''1. Configure the Postfix main.cf to handle an additional transport map'''

vi /etc/postfix/main.cf

transport_maps = hash:/etc/postfix/transport

'''2. Create the transport map'''

vi /etc/postfix/transport and place the following lines at the top:
   
   # Pipe transports for RT queues
   # YOU HAVE TO ADD THE PIPES TO /opt/zimbra/postfix/conf/master.cf if you want them to work!!!
   rt@example.com     rt-pipe
   rt-comment@example.com     rt-comment-pipe
   
   
   

And then create the transport db by executing:

postmap /etc/postfix/transport

'''3. Define the pipe transports'''

The transport definitions 'rt-pipe' and 'rt-comment-pipe' must now be defined. Edit /etc/postfix/master.cf and add the following lines to the end of the file:

rt-pipe unix - n n - - pipe
  flags= user=www-data argv=/opt/rt3/bin/rt-mailgate --queue general --action correspond --url http://help.help.com/

rt-comment-pipe unix - n n - - pipe
  flags= user=www-data argv=/opt/rt3/bin/rt-mailgate --queue general --action comment --url https://help.help.com/

Note that the 2nd line needs to be right under the first and must start with whitespace. Also make sure the user= line is pointing to a valid user with permissions to execute the script.

'''4. Restart Postfix and test'''

Execute the following commands:

postfix reload

Now, you should be able to email rt@help.help.com and receive a message back. grep for RT in /var/log/messages as well as tail /var/log/mail to watch for errors.

Debugging Mail on RT

links: http://sial.org/howto/rt/

IMPORTANT NOTES

Log locations

Key locations for debug log files

/var/log/apache2/

This contains most of the errors that RT throws. If your apache fails to start go here to look for clues.

<!-- Note that this should be not needed with new auth 0.6 but we'll keep around until we confirm === Apply Uservendor.pm Patch === http://www.gossamer-threads.com/lists/rt/users/77286

Autocreation works if you copy local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth to local/html/Callbacks/ExternalAuth/autohandler/Auth and apply the following patch to User_Vendor.pm:

  • Note: you will have to create the destination directory for this to work
cp /opt/rt3/local/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth /opt/rt3/local/html/Callbacks/ExternalAuth/autohandler/Auth

--- local/lib/RT/User_Vendor.pm~ 2008-04-09 10:40:44.000000000 +0200 +++ ./local/lib/RT/User_Vendor.pm 2008-08-04 17:46:32.000000000 +0200 @@ -348,7 +348,7 @@ return (undef); }

- if ( $self->PrincipalObj->Disabled ) { + if ( $self->PrincipalObj and $self->PrincipalObj->Disabled ) { $RT::Logger->info("Disabled user " . $self->Name . " tried to log in" ); return (undef); -->

Footnotes

<!-- This should probably go in a different wiki for RT user manual-->

Updating Users from LDAP to privileged users

http://www.nabble.com/How-to-update-email-address-on-RT-Wiki--td20141025.html Configuration->Users->Find all users whose 'email' matches 'yourusersemail@help.com'