Difference between revisions of "CentOS7Install"

From Request Tracker Wiki
Jump to navigation Jump to search
m
m
 
(13 intermediate revisions by 2 users not shown)
Line 1: Line 1:
== RT 4.4.1 installation on CentOS 7.2.1511 ==
== RT 4.4.3 installation on CentOS 7.6.1810 ==


This document provides a quick methodology for installing RT 4.4.1 on CentOS/RHEL 7.2 for an internet-connected server.  It should be suitable with minor modifications for installation on CentOS 6.8 also.  Where necessary notes about the different install steps for CentOS/RHEL 6.8 are indicated below.
NOTE:  Original Document was for CentOS 7.2 and RT 4.4.1 with MySQL.  Updated for CentOS 7.6, RT 4.4.3 with PostgreSQL.
 
CAUTION:  Previous versions of this document has been stated that you cannot use this method to install RT 4.4.3 directly - this is corrected with a patch below.  Best Practical will be fixing this issue in the 4.4.4 release.
 
This document provides a quick methodology for installing RT 4.4.3 on CentOS/RHEL 7.6 for an internet-connected server.  There is a separate CentOS 6.x install at https://rt-wiki.bestpractical.com/wiki/CentOS6Install.


# Assumptions
# Assumptions
  * Access to the internet and CentOS OS and update repositories is available.
  * Access to the internet and CentOS OS and update repositories is available.
  * Installation testing was completed using CentOS 7.2.1511 minimal boot ISO.
  * Installation testing was completed using CentOS 7.6.1810 minimal boot ISO.
  * httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment.
  * httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment.
  * Testing was conducted in both KVM and vSphere environments.
  * Testing was conducted in both KVM and vSphere environments.
 
* Note that the EPEL repository is not required for installation on CentOS 7.
== Installation Steps ==


# OS Installation and Initial Configuration
# OS Installation and Initial Configuration
Line 16: Line 19:
  * Install the OS from ISO or PXE boot using your normal methodology.
  * Install the OS from ISO or PXE boot using your normal methodology.
## Install prerequisites for RT from OS repository.
## Install prerequisites for RT from OS repository.
<pre>yum install expat gd graphviz mariadb-server openssl expat-devel gd-devel graphviz-devel mariadb-devel openssl-devel perl perl-CPAN wget screen mod_fcgid
<pre>yum install expat gd graphviz openssl expat-devel gd-devel graphviz-devel openssl-devel perl perl-CPAN wget screen mod_fcgid postgresql-server postgresql-devel
yum groupinstall "Development Tools" "Web Server"</pre>
yum groupinstall "Development Tools" "Web Server"</pre>
  * NOTE: On previous versions of CentOS/RHEL, replace the mariadb-server and mariadb-devel RPMs above with mysql-server and mysql-devel.
  * NOTE: We use PostgreSQL as the DB which allows us to enable full text search. (This is a change from the previous version of the document which used MySQL/MariaDB.)
## Patch OS
## Patch OS
<pre>yum update</pre>
<pre>yum update</pre>
* Reboot the OS.
* If you are continuing to next step immediately, you do not need to reboot.
## Disable selinux, by editing /etc/sysconfig/selinux:
## Disable selinux, by editing /etc/sysconfig/selinux:
<code>SELINUX=disabled</code>
<code>SELINUX=disabled</code>
  * reboot the OS
  * reboot the OS
## Initialize the database:
<pre>postgresql-setup initdb</pre>
## Adjust local services:
## Adjust local services:
<pre>systemctl enable mariadb.service
<pre>systemctl enable postgresql.service
systemctl enable httpd.service
systemctl enable httpd.service
systemctl start mariadb.service
systemctl start postgresql.service
systemctl stop httpd.service</pre>
systemctl stop httpd.service</pre>
* CentOS 6.8:
<pre>chkconfig mysqld on
chkconfig httpd on
service mysqld start
service httpd stop</pre>
  * NOTE:  httpd service needs to be stopped to allow RT web based configuration later.
  * NOTE:  httpd service needs to be stopped to allow RT web based configuration later.
# Configure Supporting Software
# Configure Supporting Software
## Configure root password for mariadb:
## Configure postgres user password for postgresql, where 'xxx' is the 'password':
<pre>mysqladmin -u root password</pre>
<pre>sudo -u postgres psql
  * NOTE:  This step configures the internal DB root password for the local instance of mysqld or mariadb
  ALTER USER postgres PASSWORD 'xxx';
  \q</pre>
  * NOTE:  This step configures the internal DB postgres password for the local instance of postgresql
## Reconfigure postgres local user access
Configure PostgreSQL to use md5 passwords (needed for RT).  Edit /var/lib/pgsql/data/pg_hba.conf and modify the following line from peer to md5:
<pre># "local" is for Unix domain socket connections only
#local  all        all                              peer
local  all        all                              md5</pre>
## Restart postgres server
<pre>systemctl restart postgresql.service</pre>
## Install CPAN minus.
## Install CPAN minus.
<pre>curl -L http://cpanmin.us | perl - --sudo App::cpanminus</pre>
<pre>curl -L http://cpanmin.us | perl - --sudo App::cpanminus</pre>
# RT Dependencies and Installation
## Get RT
<pre>mkdir rt
cd rt
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz.asc</pre>
## Verify downloads
* NOTE: Release notes are found at https://bestpractical.com/release-notes/rt/4.4.3
* extract the sha256sums from the release notes online and add them to a new sha256sum.txt file.
<pre>738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1  rt-4.4.3.tar.gz
29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f  rt-4.4.3.tar.gz.asc</pre>
* confirm the files:
<pre>sha256sum -c sha256sum.txt</pre>
* Confirm the GPG key signatures
<pre>gpg rt-4.4.3.tar.gz.asc
gpg --keyserver keyserver.ubuntu.com --recv-key XXX
gpg rt-4.4.3.tar.gz.asc</pre>
* NOTE: identify the RSA key ID from the first and replace XXX with the key (RSA key ID 0xFEAC80B2 as of 11 Feb 19)
## Extract the files
<pre>tar xvzf rt-4.4.3.tar.gz -C /tmp
cd /tmp/rt-4.4.3</pre>
## Configure RT:
<pre>./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache --with-db-type=Pg</pre>
## Configure RT to use cpanm for fixdeps:
## Configure RT to use cpanm for fixdeps:
<pre>export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm</pre>
<pre>export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm</pre>
# RT Dependencies and Installation
## Get RT and extract to /tmp.
<pre>wget https://download.bestpractical.com/pub/rt/release/rt-4.4.1.tar.gz
tar xvzf rt-4.4.1.tar.gz -C /tmp
cd /tmp/rt-4.4.1</pre>
## Configure RT:
<pre>./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache</pre>
## Test the dependencies:
## Test the dependencies:
<pre>make testdeps</pre>
<pre>make testdeps</pre>
## Install the dependencies:
## Install the dependencies:
<pre>make fixdeps</pre>
<pre>make fixdeps</pre>
  * NOTE:  You may need to run the command more than once.  On RHEL/CentOS 6.8, you may need to manually force the addition of the GD perl module via <code>cpanm GD --force</code>, as there is a known issue with one of the built in tests for GD.
  * NOTE:  You may need to run the command more than once.
  * You may need to force the install of a module to complete the install:
  <pre>cpanm HTTP::Headers::Fast --force</pre>
## Confirm dependencies:
## Confirm dependencies:
<pre>make testdeps</pre>
<pre>make testdeps</pre>
## Insert a missing dependency into lib/RT/Interface/Web/Handler.pm:
* REF:  https://github.com/bestpractical/rt/commit/e07af30477
* Edit the file and insert the RT::ObjectCustomFieldValues at line 61:
<pre>use RT::Interface::Web::Request;
use RT::ObjectCustomFieldValues;
use File::Path qw( rmtree );</pre>
## Install RT (default install is to the /opt/rt4 directory):
## Install RT (default install is to the /opt/rt4 directory):
<pre> make install</pre>
<pre> make install</pre>
# RT Configuration using Web Interface
# RT Configuration using Web Interface
  * (!) It is possible to complete this step by editing the RT files directly, and creating the database.  Refer to the RT documentation for manual steps.
  * (!) It is possible to complete this step by editing the RT files directly, and creating the database.  Refer to the RT documentation for manual steps.
## Configure firewalld to open port 80
<pre>firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload</pre>
* Note:  This is an example only, which provides full access to the http port..  Configure your firewall as per site policies.
## Start the first run installation instance:
## Start the first run installation instance:
<pre>/opt/rt4/sbin/rt-server</pre>
<pre>/opt/rt4/sbin/rt-server</pre>
Line 70: Line 105:
## Shutdown the rt-server instance.
## Shutdown the rt-server instance.
  * When completed Ctrl-C the rt-server instance started above.
  * When completed Ctrl-C the rt-server instance started above.
# Configure RT:
* Modify RT to allow web access using a trailing /rt
* (!) This is a personal preference.  The web server example in the next section assumes /rt is used.
## Modify /opt/rt4/etc/RT_SiteConfig.pm.  Add the following line:
<code>Set( $WebPath, '/rt' );</code>
# Configure web server
# Configure web server
## Modify /etc/httpd/conf.d/fcgid.conf.  Add:
## Modify /etc/httpd/conf.d/fcgid.conf.  Add:
Line 80: Line 110:
## Create /etc/httpd/conf.d/rt.conf:
## Create /etc/httpd/conf.d/rt.conf:
<pre># RT4 configuration for Apache
<pre># RT4 configuration for Apache
#
# With minor changes, this configuration is based on the original documentation:
# https://docs.bestpractical.com/rt/4.4.2/web_deployment.html
#
### Optional apache logs for RT
### Optional apache logs for RT
# Ensure that your log rotation scripts know about these files
# Ensure that your log rotation scripts know about these files
Line 88: Line 122:
AddDefaultCharset UTF-8
AddDefaultCharset UTF-8


Alias /rt/NoAuth/images /opt/rt4/share/html/NoAuth/images/
ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/
 
ScriptAlias /rt /opt/rt4/sbin/rt-server.fcgi/


DocumentRoot "/opt/rt4/share/html"
DocumentRoot "/opt/rt4/share/html"


<Location /rt>
<Location />
   # For Centos7/Apache 2.4 this line:
   # For Centos7/Apache 2.4 use this line:
   Require all granted
   Require all granted
   # For Centos6/Apache 2.2 these two lines:
 
   # For Centos6/Apache 2.2 use these two lines:
   # Order allow,deny
   # Order allow,deny
   # Allow from all
   # Allow from all
   Options +ExecCGI
   Options +ExecCGI
   AddHandler fcgid-script fcgi
   AddHandler fcgid-script fcgi
Line 105: Line 139:
## Start apache:
## Start apache:
<pre>systemctl start httpd.service</pre>
<pre>systemctl start httpd.service</pre>
  * CentOS 6.8: <code>service httpd start</code>
# Further RT Customization
## Modify firewalld
  * These steps are not mandatory, and can be skipped if not desired.
  * Complete your firewalld configuration to suite your local requirements.
## Enable Full Text Indexing
  * (!) NOTE: Depending on install method, firewalld may not be installed. You can also stop it for testing with the <code>systemctl stop firewalld</code> command.
* This command modifies the database to enable full text indexing
  * On CentOS 6.8, you will need to modify your iptables configuration, or stop iptables using <code>service iptables stop</code>
* Run:
<pre>/opt/rt4/sbin/rt-setup-fulltext-index --no-attachments --dba-password XXX</pre>
  * NOTE:  XXX is the postgres DB user password
  * DB Table:    AttachmentsIndex
  * Column Name:  ContentIndex
  * Index:       GIN
* As the last command will leave the postgres DB password in the command history, clear the relevant history record:
<pre>history
history -d <number></pre>
  * NOTE:  <number> reflects the line number with the --dba-password statement
## Prepare for Offline Attachments
  * This enables the migration of embedded attachments from the database to a local filesystem
* Create the directory to store attached files
<pre>mkdir /opt/rt4-atts</pre>
## Modify Site Configuration for fulltext indexing and offline attachments
  * Modify <code>/opt/rt4/etc/RT_SiteConfig.pm</code>, inserting the following above the final <code>1;</code> line.
<pre># enable FullTextSearch
Set( %FullTextSearch,
    Enable    => 1,
    Indexed    => 1,
    Column    => 'ContentIndex',
    Table      => 'AttachmentsIndex',
);
# enable external file storage
Set(%ExternalStorage,
    Type => 'Disk',
    Path => '/opt/rt4-atts',
);</pre>
## Create RT crontab entry
  *
  * Create <code>/etc/cron.d/rt</code> file:
<pre># Request Tracker cron.d/rt file
 
# For details see man 3 crontabs
 
# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  | .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed
 
# Request Tracker crontab entries
  # attachments - daily moving of large attachments from DB to file system
  0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments
  # indexer - daily indexing of db for fulltext search     
  0 0 * * * root /opt/rt4/sbin/rt-fulltext-indexer --quiet
  # email digests - RT4 email digest processes
  0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily
  0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly
  0 * * * * root /opt/rt4/sbin/rt-email-dashboards
  # clean sessions - once a day blow away any open sessions
  0 0 * * * root /opt/rt4/sbin/rt-clean-sessions 6H</pre>
# Installation Complete
# Installation Complete
## Reboot server to confirm service restart
* It is recommended that you reboot the server to confirm all services restart and provide RT.
## Access RT
## Access RT
  * Connect to RT using your web browser and start your site customization.
  * Connect to RT using your web browser and start your site customization.

Latest revision as of 18:26, 11 February 2019

RT 4.4.3 installation on CentOS 7.6.1810

NOTE: Original Document was for CentOS 7.2 and RT 4.4.1 with MySQL. Updated for CentOS 7.6, RT 4.4.3 with PostgreSQL.

CAUTION: Previous versions of this document has been stated that you cannot use this method to install RT 4.4.3 directly - this is corrected with a patch below. Best Practical will be fixing this issue in the 4.4.4 release.

This document provides a quick methodology for installing RT 4.4.3 on CentOS/RHEL 7.6 for an internet-connected server. There is a separate CentOS 6.x install at https://rt-wiki.bestpractical.com/wiki/CentOS6Install.

  1. Assumptions
* Access to the internet and CentOS OS and update repositories is available.
* Installation testing was completed using CentOS 7.6.1810 minimal boot ISO.
* httpd (Apache) 2.4 and mod_fcgid Apache modules were used as the host environment.
* Testing was conducted in both KVM and vSphere environments.
* Note that the EPEL repository is not required for installation on CentOS 7.
  1. OS Installation and Initial Configuration
* (!) It is possible to automate the majority of this section using kickstart files.
    1. Install OS.
* Install the OS from ISO or PXE boot using your normal methodology.
    1. Install prerequisites for RT from OS repository.
yum install expat gd graphviz openssl expat-devel gd-devel graphviz-devel  openssl-devel perl perl-CPAN wget screen mod_fcgid postgresql-server postgresql-devel
yum groupinstall "Development Tools" "Web Server"
* NOTE: We use PostgreSQL as the DB which allows us to enable full text search. (This is a change from the previous version of the document which used MySQL/MariaDB.)
    1. Patch OS
yum update
    1. Disable selinux, by editing /etc/sysconfig/selinux:

SELINUX=disabled

* reboot the OS
    1. Initialize the database:
postgresql-setup initdb
    1. Adjust local services:
systemctl enable postgresql.service
systemctl enable httpd.service
systemctl start postgresql.service
systemctl stop httpd.service
* NOTE:  httpd service needs to be stopped to allow RT web based configuration later.
  1. Configure Supporting Software
    1. Configure postgres user password for postgresql, where 'xxx' is the 'password':
sudo -u postgres psql
  ALTER USER postgres PASSWORD 'xxx';
  \q
* NOTE:  This step configures the internal DB postgres password for the local instance of postgresql
    1. Reconfigure postgres local user access

Configure PostgreSQL to use md5 passwords (needed for RT). Edit /var/lib/pgsql/data/pg_hba.conf and modify the following line from peer to md5:

# "local" is for Unix domain socket connections only
#local   all         all                               peer
local   all         all                               md5
    1. Restart postgres server
systemctl restart postgresql.service
    1. Install CPAN minus.
curl -L http://cpanmin.us | perl - --sudo App::cpanminus
  1. RT Dependencies and Installation
    1. Get RT
mkdir rt
cd rt
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz
wget https://download.bestpractical.com/pub/rt/release/rt-4.4.3.tar.gz.asc
    1. Verify downloads
* NOTE: Release notes are found at https://bestpractical.com/release-notes/rt/4.4.3
* extract the sha256sums from the release notes online and add them to a new sha256sum.txt file.
738ab43cac902420b3525459e288515d51130d85810659f6c8a7e223c77dadb1  rt-4.4.3.tar.gz
29e0f9c44e30fb8bb2d23448f1930593aef28e4b3faf5bd22619f52e53229c4f  rt-4.4.3.tar.gz.asc
* confirm the files:
sha256sum -c sha256sum.txt
* Confirm the GPG key signatures
gpg rt-4.4.3.tar.gz.asc
gpg --keyserver keyserver.ubuntu.com --recv-key XXX
gpg rt-4.4.3.tar.gz.asc
* NOTE: identify the RSA key ID from the first and replace XXX with the key (RSA key ID 0xFEAC80B2 as of 11 Feb 19)
    1. Extract the files
tar xvzf rt-4.4.3.tar.gz -C /tmp
cd /tmp/rt-4.4.3
    1. Configure RT:
./configure --enable-graphviz --enable-gd --with-web-user=apache --with-web-group=apache --with-db-type=Pg
    1. Configure RT to use cpanm for fixdeps:
export RT_FIX_DEPS_CMD=/usr/local/bin/cpanm
    1. Test the dependencies:
make testdeps
    1. Install the dependencies:
make fixdeps
* NOTE:  You may need to run the command more than once.
* You may need to force the install of a module to complete the install:
cpanm HTTP::Headers::Fast --force
    1. Confirm dependencies:
make testdeps
    1. Insert a missing dependency into lib/RT/Interface/Web/Handler.pm:
* REF:  https://github.com/bestpractical/rt/commit/e07af30477
* Edit the file and insert the RT::ObjectCustomFieldValues at line 61:
use RT::Interface::Web::Request;
use RT::ObjectCustomFieldValues;
use File::Path qw( rmtree );
    1. Install RT (default install is to the /opt/rt4 directory):
 make install
  1. RT Configuration using Web Interface
* (!) It is possible to complete this step by editing the RT files directly, and creating the database.  Refer to the RT documentation for manual steps.
    1. Configure firewalld to open port 80
firewall-cmd --zone=public --add-port=80/tcp --permanent
firewall-cmd --reload
* Note:  This is an example only, which provides full access to the http port..  Configure your firewall as per site policies.
    1. Start the first run installation instance:
/opt/rt4/sbin/rt-server
    1. Configure using the web interface.
* Access the server using a web browser to access the http port.
* Configure the RT instance using the web interface.  Refer to the RT documentation.
    1. Shutdown the rt-server instance.
* When completed Ctrl-C the rt-server instance started above.
  1. Configure web server
    1. Modify /etc/httpd/conf.d/fcgid.conf. Add:

FcgidMaxRequestLen 1073741824

    1. Create /etc/httpd/conf.d/rt.conf:
# RT4 configuration for Apache
#
# With minor changes, this configuration is based on the original documentation:
# https://docs.bestpractical.com/rt/4.4.2/web_deployment.html
#
### Optional apache logs for RT
# Ensure that your log rotation scripts know about these files
# ErrorLog /opt/rt4/var/log/apache2.error
# TransferLog /opt/rt4/var/log/apache2.access
# LogLevel debug

AddDefaultCharset UTF-8

ScriptAlias / /opt/rt4/sbin/rt-server.fcgi/

DocumentRoot "/opt/rt4/share/html"

<Location />
  # For Centos7/Apache 2.4 use this line:
  Require all granted

  # For Centos6/Apache 2.2 use these two lines:
  # Order allow,deny
  # Allow from all

  Options +ExecCGI
  AddHandler fcgid-script fcgi
</Location>
    1. Start apache:
systemctl start httpd.service
  1. Further RT Customization
* These steps are not mandatory, and can be skipped if not desired.
    1. Enable Full Text Indexing
* This command modifies the database to enable full text indexing
* Run:
/opt/rt4/sbin/rt-setup-fulltext-index --no-attachments --dba-password XXX
  * NOTE:  XXX is the postgres DB user password
  * DB Table:     AttachmentsIndex
  * Column Name:  ContentIndex
  * Index:        GIN
* As the last command will leave the postgres DB password in the command history, clear the relevant history record:
history
history -d <number>
  * NOTE:   reflects the line number with the --dba-password statement
    1. Prepare for Offline Attachments
* This enables the migration of embedded attachments from the database to a local filesystem
* Create the directory to store attached files
mkdir /opt/rt4-atts
    1. Modify Site Configuration for fulltext indexing and offline attachments
* Modify /opt/rt4/etc/RT_SiteConfig.pm, inserting the following above the final 1; line.
# enable FullTextSearch
Set( %FullTextSearch,
    Enable     => 1,
    Indexed    => 1,
    Column     => 'ContentIndex',
    Table      => 'AttachmentsIndex',
);
# enable external file storage
Set(%ExternalStorage,
    Type => 'Disk',
    Path => '/opt/rt4-atts',
);
    1. Create RT crontab entry
* 
* Create /etc/cron.d/rt file:
# Request Tracker cron.d/rt file

# For details see man 3 crontabs

# Example of job definition:
# .---------------- minute (0 - 59)
# |  .------------- hour (0 - 23)
# |  |  .---------- day of month (1 - 31)
# |  |  |  .------- month (1 - 12) OR jan,feb,mar,apr ...
# |  |  |  |  .---- day of week (0 - 6) (Sunday=0 or 7) OR sun,mon,tue,wed,thu,fri,sat
# |  |  |  |  |
# *  *  *  *  * user-name command to be executed

# Request Tracker crontab entries
  # attachments - daily moving of large attachments from DB to file system
  0 0 * * * root /opt/rt4/sbin/rt-externalize-attachments
  # indexer - daily indexing of db for fulltext search      
  0 0 * * * root /opt/rt4/sbin/rt-fulltext-indexer --quiet
  # email digests - RT4 email digest processes
  0 0 * * * root /opt/rt4/sbin/rt-email-digest -m daily
  0 0 * * 0 root /opt/rt4/sbin/rt-email-digest -m weekly
  0 * * * * root /opt/rt4/sbin/rt-email-dashboards
  # clean sessions - once a day blow away any open sessions 
  0 0 * * * root /opt/rt4/sbin/rt-clean-sessions 6H
  1. Installation Complete
    1. Reboot server to confirm service restart
* It is recommended that you reboot the server to confirm all services restart and provide RT.
    1. Access RT
* Connect to RT using your web browser and start your site customization.