Project

General

Profile

Install Redmine 34 on RHEL74 » History » Version 21

Christophe de Dinechin, 2018-02-02 15:39

1 1 Christophe de Dinechin
h1. Install Redmine 3.4 on RHEL7.4
2
3
Here is a procedure that worked for me to install Redmine 3.5 on RHEL 7.4. These instructions work as for Feb 1st, 2018.
4
I also chose to install with Postgres 10 to migrate an existing instance, although I believe it works with the default Postgres 9.2.
5
6
h2. Dependencies
7
8
Install the required packages.
9
<pre>
10 15 Christophe de Dinechin
% sudo yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel postgresql-devel ImageMagick-devel
11 1 Christophe de Dinechin
</pre>
12
13
h2. Choice of database
14
15
Install your database of choice. I've mostly tested with Postgres 10.
16
17 2 Christophe de Dinechin
h3. Postgres 10
18 1 Christophe de Dinechin
19 2 Christophe de Dinechin
You can upgrade to Postgres 10 if you need for example to transfer an existing database.
20 1 Christophe de Dinechin
<pre>
21 2 Christophe de Dinechin
# More recent Postgres 10
22
% sudo yum -y install https://download.postgresql.org/pub/repos/yum/10/redhat/rhel-7-x86_64/pgdg-redhat10-10-1.noarch.rpm
23 3 Christophe de Dinechin
% sudo yum install -y postgresql10-server postgresql10 postgres-devel
24 4 Christophe de Dinechin
% export PATH=/usr/pgsql-10/bin/:$PATH
25 5 Christophe de Dinechin
% postgresql-10-setup initdb
26 1 Christophe de Dinechin
</pre>
27
28 2 Christophe de Dinechin
Note that the @postgres-devel@ package is still required for the @bundle install@ step below, and I am not sure if that step works with Postgres 10.
29 1 Christophe de Dinechin
30 2 Christophe de Dinechin
Like for Postgres 9, you need to add @trust@ for local IPv6 connexions in @/var/lib/pgsql/10/data/pg_hba.conf@:
31 1 Christophe de Dinechin
32
<pre>
33
# TYPE  DATABASE        USER            ADDRESS                 METHOD
34
35
# "local" is for Unix domain socket connections only
36
local   all             all                                     peer
37
# IPv4 local connections:
38
host    all             all             127.0.0.1/32            trust
39
# IPv6 local connections:
40
host    all             all             ::1/128                 trust
41 16 Christophe de Dinechin
</pre>
42
43
You can then start the database server:
44
<pre>
45
% sudo systemctl start postgresql-10
46
% sudo systemctl enable postgresql-10
47 1 Christophe de Dinechin
</pre>
48
49
Check that you can connect to the database, then create the @redmine@ user and a @redmine@ database:
50
<pre>
51
% sudo su - postgres
52 6 Christophe de Dinechin
% export PATH=/usr/pgsql-10/bin/:$PATH
53 1 Christophe de Dinechin
% psql
54
postgres=# alter role postgres with encrypted password 'insert-your-postgres-password-here';
55
postgres=# create user redmine with encrypted password 'insert-your-redmine-password-here';
56
postgres=# create database redmine with encoding 'UTF-8' owner redmine;
57
</pre>
58
59 7 Christophe de Dinechin
If you get an error related to the encoding (I only had that on Postgres 9):
60 1 Christophe de Dinechin
<pre>
61
ERROR:  new encoding (UTF8) is incompatible with the encoding of the template database (SQL_ASCII)
62
HINT:  Use the same encoding as in the template database, or use template0 as template.
63
</pre>
64
65
then you should explicitly use @template0@:
66
<pre>
67
postgres=# create database redmine with template=template0 encoding 'UTF-8' owner redmine;
68 3 Christophe de Dinechin
</pre>
69 1 Christophe de Dinechin
70 2 Christophe de Dinechin
h3. Postgres 9.2.23
71 1 Christophe de Dinechin
72 2 Christophe de Dinechin
Postgres 9.2.23 is what you get directly when installing with @yum@ in RHEL 7.4:
73 1 Christophe de Dinechin
<pre>
74 2 Christophe de Dinechin
# Default Postgres 9.2.23
75
% sudo yum -y install postgresql postgresql-server postgresql-devel
76 1 Christophe de Dinechin
% postgresql-setup initdb
77 2 Christophe de Dinechin
% sudo systemctl start postgresql
78
% sudo systemctl enable postgresql
79 1 Christophe de Dinechin
</pre>
80
81 2 Christophe de Dinechin
I have not been able to have Redmine connect to the database without altering @/var/lib/pgsql/data/pg_hba.conf@ to have @trust@ for local IPv6 connnexions:
82 1 Christophe de Dinechin
83
<pre>
84
# TYPE  DATABASE        USER            ADDRESS                 METHOD
85
86
# "local" is for Unix domain socket connections only
87
local   all             all                                     peer
88
# IPv4 local connections:
89
host    all             all             127.0.0.1/32            trust
90
# IPv6 local connections:
91
host    all             all             ::1/128                 trust
92
</pre>
93
94 2 Christophe de Dinechin
I suspect this is wrong, but I don't know how to do it "right", and that's also how it's configured in the Redmine docker containers I looked at.
95
96 1 Christophe de Dinechin
Create user and database like in the previous section.
97
98 2 Christophe de Dinechin
h3. For MySQL / MariaDB
99
100
Installing and starting the database server
101
<pre>
102
# MariaDB (formerly MySQL)
103
% sudo yum -y install mariadb mariadb-devel
104
% sudo systemctl start mariadb
105
% sudo systemctl enable mariadb
106
</pre>
107
108
Then you can setup the original database:
109
<pre>
110
% mysql -u root -p
111
MariaDB [(none)]> set password for 'root'@'localhost' = password('insert-your-password-here');
112
MariaDB [(none)]> create database redmine character set utf8;
113
MariaDB [(none)]> create user 'redmine'@'localhost' identified by 'somepass';
114
MariaDB [(none)]> grant all privileges on redmine.* to 'redmine'@'localhost';
115
</pre>
116
117
Note: The rest of this setup assumes Postgres, will need to be updated with MariaDB instructions as well.
118 1 Christophe de Dinechin
119
h2. Upgrade Ruby
120
121
The default @ruby@ is 2.0.0p648. If you keep that version, @gem install passenger@ fails.
122
123
<pre>
124 8 Christophe de Dinechin
% sudo yum install -y gcc
125 1 Christophe de Dinechin
% cd /usr/local/src
126
% wget https://cache.ruby-lang.org/pub/ruby/2.5/ruby-2.5.0.tar.gz
127
% tar xvfz ruby-2.5.0.tar.gz
128
% cd ruby-2.5.0/
129
% ./configure
130
% make
131 9 Christophe de Dinechin
% sudo make install
132 1 Christophe de Dinechin
</pre>
133
134
Verify that you have Ruby 2.5 installed after that: 
135
<pre>
136 10 Christophe de Dinechin
% export PATH=/usr/local/bin:$PATH
137 1 Christophe de Dinechin
% ruby -v
138
ruby 2.5.0p0 (2017-12-25 revision 61468) [x86_64-linux]
139
</pre>
140
141
h2. Install passenger and Gem bundler:
142
143
With Ruby 2.5, we can install Passenger:
144
<pre>
145
% gem install passenger
146
gem install passenger
147
Fetching: rack-2.0.3.gem (100%)
148
Successfully installed rack-2.0.3
149
Fetching: passenger-5.2.0.gem (100%)
150
Building native extensions. This could take a while...
151
Successfully installed passenger-5.2.0
152
Parsing documentation for rack-2.0.3
153
Installing ri documentation for rack-2.0.3
154
Parsing documentation for passenger-5.2.0
155
Installing ri documentation for passenger-5.2.0
156
Done installing documentation for rack, passenger after 53 seconds
157
2 gems installed
158
</pre>
159
160
Install Gem bundler:
161
<pre>
162
% gem install bundler
163
Fetching: bundler-1.16.1.gem (100%)
164
Successfully installed bundler-1.16.1
165
Parsing documentation for bundler-1.16.1
166
Installing ri documentation for bundler-1.16.1
167
Done installing documentation for bundler after 5 seconds
168
1 gem installed
169
</pre>
170
171
h2. Check out Redmine
172
173 11 Christophe de Dinechin
Add a @redmine@ user
174 1 Christophe de Dinechin
175
<pre>
176 11 Christophe de Dinechin
% sudo useradd redmine
177 1 Christophe de Dinechin
</pre>
178
179 12 Christophe de Dinechin
Install @svn@ to be able to checkout Redmine:
180
<pre>
181
% sudo yum -y install svn
182
</pre>
183
184 11 Christophe de Dinechin
Check out the version of Redmine you want, here with version 3.4:
185
<pre>
186
% su redmine
187 1 Christophe de Dinechin
% cd /var/www
188 11 Christophe de Dinechin
% svn co http://svn.redmine.org/redmine/branches/3.4-stable redmine
189 1 Christophe de Dinechin
</pre>
190
191
h2. Database configuration
192
193
The database configuration for Redmine is in @/var/www/redmine/config/database.yml@. There is a template in that directory which you can edit.
194
195
<pre>
196
% cd /var/www/redmine/config/
197
% cp database.yml.example database.yml
198
</pre>
199
200
Edit @database.yml@ to contain the correct information regarding your installation. For Postgres:
201
202
<pre>
203
production:
204
  adapter: postgresql
205
  database: redmine
206
  host: localhost
207
  username: redmine
208
  password: insert-your-password-here
209
</pre>
210
211
(Note that you always have the choice of running the database in some other host than @localhost@)
212
213
h2. Install dependencies using the Gem bundler
214
215
This step will look at the dependencies specified in the @Gemfile@:
216
217
<pre>
218 13 Christophe de Dinechin
% cd /var/www/redmine
219 1 Christophe de Dinechin
% bundle install
220
</pre>
221
222
You may have a message about YARD recommending you use the following command:
223
<pre>
224
% yard config --gem-install-yri
225
Updated ~/.gemrc: 'gem: --document=yri'
226
</pre>
227
228
h2. Setup the production environment 
229
230
Update @/var/www/redmine/config/environment.rb@, adding the following statement:
231
<pre>
232
ENV['RAILS_ENV'] ||= 'production'
233
</pre>
234
235
Generate a secret token:
236
<pre>
237
% RAILS_ENV=production bundle exec rake generate_secret_token
238
</pre>
239
240
Run the database migration step:
241
<pre>
242
% RAILS_ENV=production bundle exec rake db:migrate
243
</pre>
244
245
h2. Start the server
246
247 17 Christophe de Dinechin
Note that you may want to open the firewall for that port using @firewall-config@ or @firewall-cmd@, e.g.
248
<pre>
249
% sudo firewall-cmd  --zone=public --add-port=3000/tcp --permanent
250
</pre>
251
252 1 Christophe de Dinechin
You can now attempt to run the application:
253
<pre>
254
% sudo su - redmine
255
% cd /var/www/redmine
256
% /usr/local/bin/ruby bin/rails server -b 0.0.0.0 -e production
257
=> Booting WEBrick
258
=> Rails 4.2.8 application starting in production on http://0.0.0.0:3000
259
=> Run `rails server -h` for more startup options
260
=> Ctrl-C to shutdown server
261
[2018-02-01 12:49:02] INFO  WEBrick 1.4.2
262
[2018-02-01 12:49:02] INFO  ruby 2.5.0 (2017-12-25) [x86_64-linux]
263
[2018-02-01 12:49:02] INFO  WEBrick::HTTPServer#start: pid=21470 port=3000
264
</pre>
265 18 Christophe de Dinechin
266
267
h2. Optional installations
268
269
If you are using a revision control system, you may want something like (pick which ones apply):
270
<pre>
271
% yum -y install darcs hg cvs bzr git
272
</pre>
273 19 Christophe de Dinechin
274
h2. Add a systemd service
275
276
You can optionally ensure your server starts automatically by creating a systemd service for it in @ /usr/lib/systemd/system/redmine.service@.
277
278
<pre>
279
[Unit]
280
Description=Redmine server
281
After=network.target remote-fs.target nss-lookup.target
282
283
[Service]
284
Type=simple
285
User=redmine
286
Group=redmine
287
EnvironmentFile=/etc/sysconfig/httpd
288
ExecStart=/usr/local/bin/ruby /var/www/redmine/bin/rails server -b 0.0.0.0 -e production
289
TimeoutSec=300
290
ExecStop=/bin/kill -WINCH ${MAINPID}
291
292
[Install]
293
WantedBy=multi-user.target
294
</pre>
295 20 Christophe de Dinechin
296
h2. Adding https support
297
298 21 Christophe de Dinechin
h3. Create Apache virtual host
299
300 20 Christophe de Dinechin
This is assuming you want to connect directly using the server name. Create a file named for example @/etc/httpd/conf.d/redmine.conf@, containing:
301
302
<pre>
303
<VirtualHost *:443>
304
  ServerName my-server-name@my-domain.com
305
  ServerAdmin my-admin-name@my-domain.com
306
  ErrorLog "logs/redmine_error_log"
307
308
  SSLEngine on
309
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
310
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key
311
312
  DocumentRoot /var/www/redmine/public
313
314
  <Directory /var/www/redmine/public>
315
    AllowOverride all
316
    Options -MultiViews
317
  </Directory>
318
319
</VirtualHost>
320
</pre>
321
322 21 Christophe de Dinechin
h3. Create .htaccess with rewrite rules to dispatch.cgi
323
324 20 Christophe de Dinechin
Note that you need to have created the certificates (plenty of resources on the web on how to do that)
325
326
Add the following in @/var/www/redmine/public/.htaccess@:
327
328
<pre>
329
# General Apache options
330
<IfModule cgi_module>
331
    AddHandler cgi-script .cgi
332
</IfModule>
333
<IfModule mod_fastcgi.c>
334
    AddHandler fastcgi-script .fcgi
335
</IfModule>
336
<IfModule mod_fcgid.c>
337
    AddHandler fcgid-script .fcgi
338
</IfModule>
339
Options +FollowSymLinks +ExecCGI
340
341
# If you don't want Rails to look in certain directories,
342
# use the following rewrite rules so that Apache won't rewrite certain requests
343
#
344
# Example:
345
#   RewriteCond %{REQUEST_URI} ^/notrails.*
346
#   RewriteRule .* - [L]
347
348
# Redirect all requests not available on the filesystem to Rails
349
# By default the cgi dispatcher is used which is very slow
350
#
351
# For better performance replace the dispatcher with the fastcgi one
352
#
353
# Example:
354
#   RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
355
RewriteEngine On
356
357
# If your Rails application is accessed via an Alias directive,
358
# then you MUST also set the RewriteBase in this htaccess file.
359
#
360
# Example:
361
#   Alias /myrailsapp /path/to/myrailsapp/public
362
#   RewriteBase /myrailsapp
363
364
RewriteRule ^$ index.html [QSA]
365
RewriteRule ^([^.]+)$ $1.html [QSA]
366
RewriteCond %{REQUEST_FILENAME} !-f
367
<IfModule cgi_module>
368
    RewriteRule ^(.*)$ dispatch.cgi [QSA,L]
369
</IfModule>
370
<IfModule mod_fastcgi.c>
371
    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
372
</IfModule>
373
<IfModule mod_fcgid.c>
374
    RewriteRule ^(.*)$ dispatch.fcgi [QSA,L]
375
</IfModule>
376
377
# In case Rails experiences terminal errors
378
# Instead of displaying this message you can supply a file here which will be rendered instead
379
#
380
# Example:
381
ErrorDocument 500 /500.html
382
</pre>
383
384 21 Christophe de Dinechin
h3. Create the dispatch.cgi file
385
386 20 Christophe de Dinechin
Finally, you need a @/var/www/redmine/public/dispatch.cgi@ script:
387
<pre>
388
#!/usr/local/bin/ruby                                                                                                                                                                                          
389
390
require File.dirname(__FILE__) + '/../config/boot'
391
require File.dirname(__FILE__) + '/../config/environment'
392
393
class Rack::PathInfoRewriter
394
  def initialize(app)
395
    @app = app
396
  end
397
398
  def call(env)
399
    env.delete('SCRIPT_NAME')
400
    parts = env['REQUEST_URI'].split('?')
401
    env['PATH_INFO'] = parts[0]
402
    env['QUERY_STRING'] = parts[1].to_s
403
    @app.call(env)
404
  end
405
end
406
407
Rack::Handler::CGI.run Rack::PathInfoRewriter.new(RedmineApp::Application)
408
</pre>
409 21 Christophe de Dinechin
410
h3. Adjusting the SELinux policy
411 20 Christophe de Dinechin
412
You also need to make sure that Apache is allowed to execute all that part:
413
414
<pre>
415
% cd /var/www/redmine/public
416
% sudo chown -R apache:apache .
417
% sudo chmod +x dispatch.cgi
418
</pre>
419
420
Finally, it's necessary to create an SELinux policy allowing that CGI script to run, otherwise you will get an internal server error:
421
422
<pre>
423
% sudo semanage boolean -m --on httpd_enable_cgi
424
% sudo semanage fcontext -a -t httpd_sys_script_exec_t /var/www/redmine/public
425
% sudo restorecon /var/www/redmine/public
426
% sudo setsebool -P httpd_can_network_connect 1
427
% sudo setsebool -P httpd_can_network_connect_db 1
428
% ausearch -c 'dispatch.cgi' --raw | audit2allow -M my-dispatchcgi
429
% semodule -i my-dispatchcgi.pp
430
</pre>