(also available on the RT Wiki)
Scope:
This install guide is for RT 3.8.4 on a minimal, no-GUI SLES 11 machine used only for RT. This document takes care of OS installation and configuration of RT, and does not touch basic email setup (such as postfix or sendmail configuration).
Additional Notes:
It is recommended to get an activation code for SLES on the Novell website to do the online updates. SLES 11 may be installed on baremetal or as a virtual guest. In this case, I've installed the 64-bit, multiprocessor version as a ESXi 4 guest, in full virtualization mode. Memory usage is approx. 256Mb in idle mode, and disk usage is approx 3Gb.
Versions:
cat /etc/SuSE-release: SUSE Linux Enterprise Server 11 (x86_64) VERSION = 11 PATCHLEVEL = 0 uname -srio: Linux 2.6.27.23-0.1-default x86_64 GNU/Linux httpd2 -v: Server version: Apache/2.2.10 (Linux/SUSE) Server built: Feb 23 2009 21:08:14SLES 11 Installation Settings:
- Remove Gnome, X Windows, Print Server, Web-based Enterprise Management
- Add C/C++ Compiler and Tools
- Disable IPv6
- Disable Firewall
- If DHCP-configured with access to Internet: Enter Activation Code and run Online Update (you may need to do this many times)
- Do not create CA and Certificate (unless you use LDAP)
Configure IP address:
vi /etc/sysconfig/network/ifcfg-eth0: BOOTPROTO =’static’ IPADDR=''yourIP" NETMASK="yournetmask"Add default route:
vi /etc/sysconfig/network/ifroute-eth0: default yourgatewayIP 0.0.0.0 eth0Add name resolver :
vi /etc/sysconfig/network/config: NETCONFIG_DNS_STATIC_SERVERS=”yourresolverIP” netconfig updateRestart network services:
/etc/init.d/network eth0 restartEnter Activation Code:
yast2 --> Support/Novell Customer Center ConfigurationPerform all online updates (you may need to do this many times):
yast2 --> Software/Online UpdateSoftware Repositories:
To use the online software repositories:
- yast2 --> Software/Software Repositories
- Disable Suse-Linux-Enterprise-Server-11 11-0
- Enable SLES11-Pool
Insert and connect CD in the ESX Client
Install VMWare Tools in SLES 11:
mkdir /media/cdrom mount /dev/cdrom /media/cdrom rpm -i VMwareTools-4.0.0-164009.i386.rpm /usr/bin/vmware-config-tools.pl
Modules for RT:
Install, using zypper:
- apache2-mod_perl
- apache2-mod_python
- mysql-max
- gd
- ncftp
- openssl
- perl-DBD-mysql
- perl-MIME-tool
- zlib-devel (latest version):
wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/Base:/build/standard/x86_64/zlib-devel-1.2.3-135.52.x86_64.rpm
- libopenssl-devel (version 0.9.8h to match SLES 11 installation):
ncftpget ftp://rpmfind.net/linux/opensuse/update/11.1/rpm/x86_64/libopenssl-devel-0.9.8h-28.7.1.x86_64.rpmInstall lynx (latest version) from source:
wget http://lynx.isc.org/current/lynx-cur.tgzInstall Perl CPAN modules:
perl -MCPAN -eshell: o conf prerequisites_policy follow o conf commit install YAML install Bundle::CPAN reload CPAN install LWP install Apache::DBIInstall Test::Pod manually (version 1.26; version 1.40 does not test OK on SLES 11) :
wget http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/Test-Pod-1.26.tar.gzMYSQL Configuration:
/etc/init.d/mysql start /usr/bin/mysql_secure_installation
RT Installation:
Create RT user and group:
groupadd rt useradd -m -g rt rt_userDownload RT:
wget http://download.bestpractical.com/pub/rt/release/rt.tar.gz tar xf rt.tar.gz cd rt-3.8.4 ./configure --prefix=/opt/rt3 --with-web-user=rt_user --with-web-group=rt --with-db-database=rt3 --with-db-rt-pass=yourpass --with-db-type=mysql --with-rt-group=rt --with-apachectl=/usr/local/apache2/bin/apachectlFix Perl dependencies (you may need to do this more than once):
make fixdepsCheck dependencies:
make testdepsInstall RT:
make install make initialize-databaseRT Site Configuration:
Configure RT_SiteConfig.pm:
vi /opt/rt3/etc/RT_SiteConfig.pm: Set($rtname , "rt.yourdomainename"); Set($Organization , "yourdomainename"); Set($CorrespondAddress , 'yourname@yourdomainename'); Set($CommentAddress , 'yourname@yourdomainename'); Set($OwnerEmail , 'root'); Set($MaxAttachmentSize , 10000000); Set($WebBaseURL, "http://rt.yourdomainename"); Set($WebImagesURL , $WebPath . "/NoAuth/images/"); Set($LogoURL, $WebImagesURL . "yourlogo.gif"); Set($LogoLinkURL, 'http://yourdomainename'); Set($LogoImageURL, $WebImagesURL . "yourlogo.gif"); Set($LogoAltText, "your company name"); # THE DATABASE: Set($DatabaseType, 'mysql'); Set($DatabaseUser , 'rt_user'); Set($DatabasePassword , 'yourpassword'); Set($DatabaseName , 'rt3'); # THE WEBSERVER: Set($WebPath , ""); #Set($WebPath , "/"); Set($WebBaseURL , "http://rt.yourdomainename"); 1;Allow web server to write in mason_data directory:
chown wwwrun.www /opt/rt3/var/mason_data chown wwwrun.www /opt/rt3/var/mason_data/obj
Apache2 Configuration:
Add Perl module:
vi /etc/sysconfig/apache2: add "perl" to the APACHE_MODULES variableCreate rt.conf virtual host file:
vi /etc/apache2/vhosts.d/rt.conf: <VirtualHost *:80> ServerAdmin yourname@yourdomainname ServerName rt.yourdomainname DocumentRoot /opt/rt3/share/html AddDefaultCharset UTF-8 SetHandler perl-script PerlHandler RT::Mason PerlModule Apache::DBI PerlRequire /opt/rt3/bin/webmux.pl <Directory /opt/rt3/share/html> Options ExecCGI +FollowSymLinks AllowOverride All Order deny,allow Allow from 192.168.1.0/24 # watch for HTTP/1.1 403 Forbidden Deny from all </Directory> </VirtualHost>If you get the following warnings in /var/log/apache2:
apr_sockaddr_info_get() failed:
vi /etc/hosts: yourIP yourhost yourFQDNApache2/SSL Configuration:
Get certificate and key fiels from a CA and put them in:
/etc/apache2/ssl.crt/server.crt
/etc/apache2/ssl.key/server.key
If you need a self-signed certificate instead:
openssl req -new -x509 -nodes -out server.crt -keyout server.key cp server.crt /etc/apache2/ssl.crt/server.crt cp server.key /etc/apache2/ssl.key/server.keyCreate an SSL site-specific configuration file:
vi /etc/apache2/vhosts.d/rt-ssl.conf: <VirtualHost *:443> ServerAdmin yourname@yourdomain ServerName yourhost.yourdomain DocumentRoot /opt/rt3/share/html SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/apache2/ssl.crt/server.crt SSLCertificateKeyFile /etc/apache2/ssl.key/server.key <Files ~ "\.(cgi|shtml|phtml|php3?)$"> SSLOptions +StdEnvVars </Files> <Directory "/srv/www/cgi-bin"> SSLOptions +StdEnvVars </Directory> SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 CustomLog /var/log/apache2/ssl_request_log ssl_combined AddDefaultCharset UTF-8 SetHandler perl-script PerlHandler RT::Mason PerlModule Apache::DBI PerlRequire /opt/rt3/bin/webmux.pl <Directory /opt/rt3/share/html> Options ExecCGI +FollowSymLinks AllowOverride All Order deny,allow Allow from 192.168.1.0/24 Deny from all </Directory> </VirtualHost>To force apache2 to load with SSL at boot-time, comment out the following tags:
<IfDefine SSL>
<IfDefine !NOSSL>
</IfDefine>
</IfDefine>
in the following files:
/etc/apache2/ssl-global.conf
/etc/apache2/listen.conf
RT Mail Configuration:
Create an alias that will accept mail and post it in a queue:
vi /etc/aliases: youralias: "|/opt/rt3/bin/rt-mailgate --queue 'yourqueuename' --action correspond --url http://yourhost.yourdomain" newaliasesMake sure your queue has at least assigned "CreateTicket" rights to the people who will send to it.
If you are going to fetchmail from another server:
vi /etc/fetchmailrc: poll "yourotherserver" protocol yourpostofficeprotocol : user "youruser@yourdomain" with password "yourpassword" is "yourqueuename" here ;Final Steps:
Perform all updates:
yast2 --> Software/Online UpdateMake sure services load at boot-time:
chkconfig mysql on chkconfig apache2 on chkconfig -d smartdOptional/Suggested:
install nmap and remove any unnecessary services with zypper
Restart server to see if everything loads correctly at boot time:
shutdown -r now
Aucun commentaire:
Publier un commentaire