Install Guide for RT 3.8.4 on SLES 11
Author: Alexandre Vovan (a DOT vovan AT artisbene DOT org)
Updated: 17 July 2009
Scope:
This install guide is for RT 3.8.4 on a minimal, no-GUI SLES 11 machine used only for RT. This document takes care of OS installation and configuration of RT, and does not touch basic email setup (such as postfix or sendmail configuration).
Additional Notes:
It is recommended to get an activation code for SLES from the Novell website to do the online updates. SLES 11 may be installed on bare metal or as a virtual guest. In this case, I've installed the 64-bit, multiprocessor version as an ESX/ESXi 4 guest, in full virtualization mode. Memory usage is approx. 256Mb in idle mode, and disk usage is approx. 3Gb.
Versions:
cat /etc/SuSE-release:
SUSE Linux Enterprise Server 11 (x86_64)
VERSION = 11
PATCHLEVEL = 0
uname -srio:
Linux 2.6.27.23-0.1-default x86_64 GNU/Linux
httpd2 -v:
Server version: Apache/2.2.10 (Linux/SUSE)
Server built: Feb 23 2009 21:08:14
SLES 11 Installation Settings:
Remove Gnome, X Windows, Print Server, Web-based Enterprise Management
Add C/C++ Compiler and Tools
Disable IPv6
Disable Firewall
If DHCP-configured with access to Internet: Enter Activation Code and run Online Update (you may need to do this many times)
Do not create CA and Certificate (unless you use LDAP)
Static IP Configuration:
Configure IP address:
vi /etc/sysconfig/network/ifcfg-eth0
BOOTPROTO='static'
IPADDR="yourIP"
NETMASK="yournetmask"
Add default route:
vi /etc/sysconfig/network/ifroute-eth0
default yourgatewayIP 0.0.0.0 eth0
Add name resolver:
vi /etc/sysconfig/network/config
NETCONFIG_DNS_STATIC_SERVERS="yourresolverIP"
netconfig update
Restart network services:
/etc/init.d/network restart eth0
Enter Activation Code:
yast2 --> Support/Novell Customer Center Configuration
Perform all online updates (you may need to do this many times):
yast2 --> Software/Online Update
Software Repositories:
To use the online software repositories:
yast2 --> Software/Software Repositories
Disable Suse-Linux-Enterprise-Server-11 11-0
Enable SLES11-Pool
If installing SLES 11 as ESX/ESXi Guest:
Insert and connect CD in the ESX Client
Install VMware Tools in SLES 11:
mkdir /media/cdrom
mount /dev/cdrom /media/cdrom
rpm -i /media/cdrom/VMwareTools-4.0.0-164009.i386.rpm
/usr/bin/vmware-config-tools.pl
Modules for RT:
Install, using zypper:
apache2-mod_perl, apache2-mod_python
mysql-max, gd, ncftp, openssl
perl-DBD-mysql, perl-MIME-tool
Install, using rpm:
zlib-devel (latest version):
wget ftp://ftp.pbone.net/mirror/ftp5.gwdg.de/pub/opensuse/repositories/Base:/build/standard/x86_64/zlib-devel-1.2.3-135.52.x86_64.rpm
libopenssl-devel (version 0.9.8h to match SLES 11 installation):
ncftpget ftp://rpmfind.net/linux/opensuse/update/11.1/rpm/x86_64/libopenssl-devel-0.9.8h-28.7.1.x86_64.rpm
Install lynx (latest version) from source:
wget http://lynx.isc.org/current/lynx-cur.tgz
Install Perl CPAN modules:
perl -MCPAN -e shell
o conf prerequisites_policy follow
o conf commit
install YAML
install Bundle::CPAN
reload CPAN
install LWP
install Apache::DBI
Install Test::Pod manually (version 1.26; version 1.40 does not test OK on SLES 11):
wget http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/Test-Pod-1.26.tar.gz
MYSQL Configuration:
/etc/init.d/mysql start
/usr/bin/mysql_secure_installation
RT Installation:
Create RT user and group:
groupadd rt
useradd -m -g rt rt_user
Download RT:
wget http://download.bestpractical.com/pub/rt/release/rt.tar.gz
tar xzf rt.tar.gz
cd rt-3.8.4
./configure --prefix=/opt/rt3 --with-web-user=rt_user --with-web-group=rt \
--with-db-database=rt3 --with-db-rt-pass=yourpass --with-db-type=mysql \
--with-rt-group=rt --with-apachectl=/usr/local/apache2/bin/apachectl
Fix Perl dependencies (you may need to do this more than once):
make fixdeps
Check dependencies:
make testdeps
Install RT:
make install
make initialize-database
RT Site Configuration:
Configure RT_SiteConfig.pm:
vi /opt/rt3/etc/RT_SiteConfig.pm
Set($rtname, "rt.yourdomainname");
Set($Organization, "yourdomainname");
Set($CorrespondAddress, 'yourname@yourdomainname');
Set($CommentAddress, 'yourname@yourdomainname');
Set($OwnerEmail, 'root');
Set($MaxAttachmentSize, 10000000);
Set($WebBaseURL, "http://rt.yourdomainname");
Set($WebImagesURL, $WebPath . "/NoAuth/images/");
Set($LogoURL, $WebImagesURL . "yourlogo.gif");
Set($LogoLinkURL, 'http://yourdomainname');
Set($LogoImageURL, $WebImagesURL . "yourlogo.gif");
Set($LogoAltText, "your company name");
# THE DATABASE:
Set($DatabaseType, 'mysql');
Set($DatabaseUser, 'rt_user');
Set($DatabasePassword, 'yourpassword');
Set($DatabaseName, 'rt3');
# THE WEBSERVER:
Set($WebPath, "");
#Set($WebPath, "/");
Set($WebBaseURL, "http://rt.yourdomainname");
1;
Allow web server to write in mason_data directory:
chown wwwrun:www /opt/rt3/var/mason_data
chown wwwrun:www /opt/rt3/var/mason_data/obj
Apache2 Configuration:
Add Perl module:
vi /etc/sysconfig/apache2
add "perl" to the APACHE_MODULES variable
Create rt.conf virtual host file:
vi /etc/apache2/vhosts.d/rt.conf
<VirtualHost *:80>
ServerAdmin yourname@yourdomainname
ServerName rt.yourdomainname
DocumentRoot /opt/rt3/share/html
AddDefaultCharset UTF-8
SetHandler perl-script
PerlHandler RT::Mason
PerlModule Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl
<Directory /opt/rt3/share/html>
Options ExecCGI +FollowSymLinks
AllowOverride All
Order deny,allow
# watch for HTTP/1.1 403 Forbidden
Allow from 192.168.1.0/24
Deny from all
</Directory>
</VirtualHost>
If you get the following warning in /var/log/apache2:
apr_sockaddr_info_get() failed
add your host to /etc/hosts:
vi /etc/hosts
yourIP yourhost yourFQDN
Apache2/SSL Configuration:
Get certificate and key files from a CA and put them in:
/etc/apache2/ssl.crt/server.crt
/etc/apache2/ssl.key/server.key
If you need a self-signed certificate instead:
openssl req -new -x509 -nodes -out server.crt -keyout server.key
cp server.crt /etc/apache2/ssl.crt/server.crt
cp server.key /etc/apache2/ssl.key/server.key
Create an SSL site-specific configuration file:
vi /etc/apache2/vhosts.d/rt-ssl.conf
<VirtualHost *:443>
ServerAdmin yourname@yourdomain
ServerName yourhost.yourdomain
DocumentRoot /opt/rt3/share/html
SSLEngine on
SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /etc/apache2/ssl.crt/server.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/srv/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog /var/log/apache2/ssl_request_log ssl_combined
AddDefaultCharset UTF-8
SetHandler perl-script
PerlHandler RT::Mason
PerlModule Apache::DBI
PerlRequire /opt/rt3/bin/webmux.pl
<Directory /opt/rt3/share/html>
Options ExecCGI +FollowSymLinks
AllowOverride All
Order deny,allow
Allow from 192.168.1.0/24
Deny from all
</Directory>
</VirtualHost>
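The SSLCipherSuite value above starts from ALL and removes only ADH and EXPORT56, which leaves the SSLv2, EXP and LOW classes in the list. The script below is an added example, not part of the original guide: it flags weak cipher classes that an SSLCipherSuite directive names or sweeps in through ALL. The class list, STRICT_SUITE and the function names are assumptions made for illustration, and the check is a text heuristic, not an OpenSSL expansion of the string.

```shell
#!/bin/sh
# Added example (not from the original guide): heuristic audit of the
# SSLCipherSuite value in an Apache vhost file. It only reads the directive
# text; it does not ask OpenSSL to expand the string.

WEAK_CLASSES="SSLv2 EXP LOW eNULL"   # OpenSSL cipher-string keywords to flag

# The guide's value, and a constructed stricter value for comparison (assumption).
GUIDE_SUITE='ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL'
STRICT_SUITE='HIGH:!aNULL:!eNULL:!EXP:!LOW:!SSLv2'

# cipher_string FILE: value of the first uncommented SSLCipherSuite directive.
cipher_string() {
    sed -n 's/^[[:space:]]*SSLCipherSuite[[:space:]]\{1,\}//p' "$1" | head -n 1
}

# weak_classes STRING: list each weak class that STRING names (bare or "+")
# or sweeps in through ALL, and never removes with a "!" token.
# ALL is treated as selecting every class, which errs on the side of flagging.
weak_classes() {
    out=""
    # One token per line; fold the aliases EXPORT -> EXP and NULL -> eNULL.
    tokens=$(printf '%s\n' "$1" | tr ':, ' '\n\n\n' |
        sed -e 's/^\([!+-]\{0,1\}\)EXPORT$/\1EXP/' \
            -e 's/^\([!+-]\{0,1\}\)NULL$/\1eNULL/')
    for class in $WEAK_CLASSES; do
        named=no; killed=no
        for tok in $tokens; do
            case "$tok" in
                "!$class") killed=yes ;;
                "$class"|"+$class"|ALL) named=yes ;;
            esac
        done
        if [ "$named" = yes ] && [ "$killed" = no ]; then
            out="$out $class"
        fi
    done
    printf '%s\n' "${out# }"
}

# audit_vhost FILE: report findings; exit status 1 when a weak class remains.
audit_vhost() {
    weak=$(weak_classes "$(cipher_string "$1")")
    if [ -n "$weak" ]; then
        echo "$1: SSLCipherSuite leaves enabled: $weak"; return 1
    fi
    echo "$1: no weak cipher classes flagged"
}

# Usage: sh audit.sh /etc/apache2/vhosts.d/rt-ssl.conf
if [ $# -gt 0 ]; then audit_vhost "$1"; fi
```

Run against rt-ssl.conf as written above, it reports SSLv2, EXP, LOW and eNULL; a "-class" token is not treated as an exclusion because OpenSSL allows a later token to add the class back.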
To force apache2 to load with SSL at boot-time, comment out the following tags:
<IfDefine SSL>
<IfDefine !NOSSL>
</IfDefine>
</IfDefine>
in the following files:
/etc/apache2/ssl-global.conf
/etc/apache2/listen.conf
RT Mail Configuration:
Create an alias that will accept mail and post it in a queue:
vi /etc/aliases
youralias: "|/opt/rt3/bin/rt-mailgate --queue 'yourqueuename' --action correspond --url http://yourhost.yourdomain"
newaliases
Make sure the people who will send to your queue have at least the "CreateTicket" right on it.
If you are going to fetchmail from another server:
vi /etc/fetchmailrc
poll "yourotherserver" protocol yourpostofficeprotocol :
user "youruser@yourdomain" with password "yourpassword" is "yourqueuename" here ;
Final Steps:
Perform all updates:
yast2 --> Software/Online Update
Make sure services load at boot-time:
chkconfig mysql on
chkconfig apache2 on
chkconfig -d smartd
Optional/Suggested:
install nmap and remove any unnecessary services with zypper
Restart server to see if everything loads correctly at boot time:
shutdown -r now