Redmine 203 with Subversion and LDAP Authentication (for Redmine and Subversion through Redmine) on Centos 6 i386 - detailed » History » Version 8
Hung Nguyen Vu, 2012-08-30 10:42
iptables works fine
1 | 7 | Hung Nguyen Vu | h1. Redmine 2.0.3 on Centos 6.3 |
---|---|---|---|
2 | 2 | Sven Nosse | |
3 | {{>toc}} |
||
4 | |||
5 | h2. Introduction |
||
6 | |||
7 | 6 | Hung Nguyen Vu | Our company was using the BITNAMI stack with Redmine and Subversion for our production environment. So the goal was about changing the server and migrating the data from Redmine 1.4 to Redmine 2.0.3 including getting all repositories and permissions preserved. |
8 | 1 | Sven Nosse | |
9 | 6 | Hung Nguyen Vu | I've tried to avoid webrick but rather use the fastCGI Module for Apache2. |
10 | |||
11 | |||
12 | Second was converting the built-in accounts from the database to LDAP (ActiveDirectory). This is the result of 2 days of work and googling is this little tutorial for setting up a mentioned box doing exactly this stuff. We are using CentOS 6 (i386) for that task. |
||
13 | |||
14 | # Please excuse my bad english for I am not used anymore to post long instruction manuals. Feel free to edit whatever you want. |
||
15 | |||
16 | First of all, I tend to use vi so if you cannot operate vi I'd recommend to use any editor you like. If my instruction tells you to edit a file, you can find the sequence "..." which means, there is something above or below that line of text, that needs to be edited. Do not include those dots... |
||
17 | |||
18 | 1 | Sven Nosse | h2. Assumptions |
19 | |||
20 | 2 | Sven Nosse | * You have a CentOS 6.3 installation (minimum install) working and SSH access to your box |
21 | 6 | Hung Nguyen Vu | * You can access the Internet |
22 | * You are logged in as root |
||
23 | 1 | Sven Nosse | |
24 | 6 | Hung Nguyen Vu | h2. Redmine Installation Instruction |
25 | 2 | Sven Nosse | |
26 | My personal flavour is to use as less self compiled packages as necessary to get the package up and runnning. So I try to use as many repository packages as possible. |
||
27 | |||
28 | 6 | Hung Nguyen Vu | h3. Turn off SE-Linux |
29 | 3 | Sven Nosse | |
30 | 6 | Hung Nguyen Vu | I spent a lot of time to find out, that selinux can be a real party pooper. So I strongly recommend to disable that first before installing anything else. You can find a tutorial inside the howto section describing how to enable SELinux for your installation. |
31 | 2 | Sven Nosse | <pre> |
32 | vi /etc/selinux/config |
||
33 | </pre> |
||
34 | |||
35 | 1 | Sven Nosse | find the line with SELINUX and set it to |
36 | 2 | Sven Nosse | <pre> |
37 | ... |
||
38 | SELINUX=disabled |
||
39 | ... |
||
40 | </pre> |
||
41 | Do a reboot *NOW* |
||
42 | |||
43 | 6 | Hung Nguyen Vu | h3. Install basic services (Apache, mySQL, and several tools...) |
44 | 2 | Sven Nosse | |
45 | 1 | Sven Nosse | Now we are good to go to install some tools that might be useful during our installation... First of all, update your system and then install some packages |
46 | <pre> |
||
47 | 2 | Sven Nosse | yum update |
48 | yum -y install wget system-config-network system-config-firewall vim openssh-clients |
||
49 | yum -y install httpd mysql mysql-server |
||
50 | 1 | Sven Nosse | </pre> |
51 | 2 | Sven Nosse | After that continue and install all packages that might be necessary during the ruby and redmine installation. |
52 | <pre> |
||
53 | yum -y install ruby rubygems |
||
54 | 6 | Hung Nguyen Vu | yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel gcc ruby-devel \\ |
55 | gcc-c++ make postgresql-devel ImageMagick-devel sqlite-devel perl-LDAP mod_perl perl-Digest-SHA |
||
56 | 2 | Sven Nosse | </pre> |
57 | |||
58 | h3. Configure basic services |
||
59 | |||
60 | 6 | Hung Nguyen Vu | Let's configure the basic services, first of all, make mySQL and Apache to start at boot |
61 | 2 | Sven Nosse | <pre> |
62 | chkconfig httpd on --level 2345 |
||
63 | chkconfig mysqld on --level 2345 |
||
64 | </pre> |
||
65 | After configuring these, start them up |
||
66 | <pre> |
||
67 | service httpd start |
||
68 | service mysqld start |
||
69 | </pre> |
||
70 | Now configure your new mySQL Installation and follow the instructions. Please note the mysql administrator password. |
||
71 | <pre> |
||
72 | /usr/bin/mysql_secure_installation |
||
73 | </pre> |
||
74 | |||
75 | h3. Configure passenger for Apache |
||
76 | |||
77 | You need to install passenger for Apache using gem. Do the following on the command line |
||
78 | <pre> |
||
79 | gem install passenger |
||
80 | passenger-install-apache2-module |
||
81 | </pre> |
||
82 | Please notice the installation messages! The next .conf file might use another path or version! |
||
83 | After this you need to generate a conf file with the displayed content |
||
84 | <pre> |
||
85 | vi /etc/httpd/conf.d/ruby.conf |
||
86 | </pre> |
||
87 | During my installation the following content was displayed and needs to be entered in that file: |
||
88 | <pre> |
||
89 | LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.15/ext/apache2/mod_passenger.so |
||
90 | PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.15 |
||
91 | PassengerRuby /usr/bin/ruby |
||
92 | </pre> |
||
93 | Restart your apache with |
||
94 | <pre> |
||
95 | service httpd restart |
||
96 | </pre> |
||
97 | |||
98 | 1 | Sven Nosse | h3. Get Redmine and install it |
99 | |||
100 | change to your home directory and download the latest version, expand it and copy it to the right place. |
||
101 | <pre> |
||
102 | cd |
||
103 | wget http://rubyforge.org/frs/download.php/76259/redmine-2.0.3.tar.gz |
||
104 | tar xvfz redmine-2.0.3.tar.gz |
||
105 | mkdir /var/www/redmine |
||
106 | cp -av redmine-2.0.3/* /var/www/redmine |
||
107 | </pre> |
||
108 | 6 | Hung Nguyen Vu | |
109 | or you can do |
||
110 | |||
111 | <pre> |
||
112 | cd /var/www |
||
113 | wget http://rubyforge.org/frs/download.php/76259/redmine-2.0.3.tar.gz |
||
114 | tar xvfz redmine-2.0.3.tar.gz |
||
115 | mkdir -p /var/www/redmine |
||
116 | ln -s redmine-2.0 redmine |
||
117 | </pre> |
||
118 | |||
119 | 1 | Sven Nosse | Next is to install bundler and let it install the production environment (with automatic resolve) |
120 | Now change to this directory - *this is your new Redmine application directory!* |
||
121 | 2 | Sven Nosse | <pre> |
122 | cd /var/www/redmine |
||
123 | gem install bundler |
||
124 | bundle install --without development test |
||
125 | </pre> |
||
126 | fetch some coffee... this might take some time... |
||
127 | |||
128 | h3. Create Redmine database |
||
129 | |||
130 | 6 | Hung Nguyen Vu | Next to generate a new database for redmine |
131 | Log on to your datbase with the following command. If prompted for a password, enter it. |
||
132 | 2 | Sven Nosse | <pre> |
133 | mysql -u root -p |
||
134 | </pre> |
||
135 | I tend to create a local only user for that database, change the password 'very_secret' to a better one :) |
||
136 | <pre> |
||
137 | create database redmine character set utf8; |
||
138 | create user 'redmine'@'localhost' identified by 'very_secret'; |
||
139 | grant all privileges on redmine.* to 'redmine'@'localhost'; |
||
140 | quit; |
||
141 | </pre> |
||
142 | |||
143 | h3. Configure Redmine |
||
144 | |||
145 | First of all, copy the example config to a productive one and edit the config for your needs |
||
146 | <pre> |
||
147 | cd /var/www/redmine/config |
||
148 | cp database.yml.example database.yml |
||
149 | vi /var/www/redmine/config/database.yml |
||
150 | </pre> |
||
151 | Now find the production section inside this file and edit it like that |
||
152 | <pre> |
||
153 | ... |
||
154 | production: |
||
155 | adapter: mysql |
||
156 | database: redmine |
||
157 | host: localhost |
||
158 | username: redmine |
||
159 | password: very_secret |
||
160 | encoding: utf8 |
||
161 | ... |
||
162 | </pre> |
||
163 | Head back to your application directory and generate a secret token |
||
164 | <pre> |
||
165 | cd /var/www/redmine/ |
||
166 | rake generate_secret_token |
||
167 | </pre> |
||
168 | 1 | Sven Nosse | Now it is about time to generate the database structure (application directory!) |
169 | <pre> |
||
170 | 2 | Sven Nosse | cd /var/www/redmine/ |
171 | RAILS_ENV=production rake db:migrate |
||
172 | </pre> |
||
173 | fill the database with default values... |
||
174 | 1 | Sven Nosse | <pre> |
175 | 2 | Sven Nosse | cd /var/www/redmine/ |
176 | RAILS_ENV=production rake redmine:load_default_data |
||
177 | </pre> |
||
178 | follow the instructions to select your language. |
||
179 | |||
180 | 6 | Hung Nguyen Vu | h3. Mind the firewall! |
181 | 2 | Sven Nosse | |
182 | 6 | Hung Nguyen Vu | Be aware that the firewall is enabled by default (which is good!). So if you know which ports to open, do it now or disable the firewall (just for testing purposes). I'd really recommend disabling the firewall during installation and enable it (opening ports) after you are sure that everything works. |
183 | 1 | Sven Nosse | <pre> |
184 | 2 | Sven Nosse | system-config-firewall |
185 | </pre> |
||
186 | use the onscreen menu to disable it or adjust the values. |
||
187 | |||
188 | 8 | Hung Nguyen Vu | or simply disable iptables during Redmine's setup |
189 | <pre> |
||
190 | service iptables stop |
||
191 | </pre> |
||
192 | |||
193 | 6 | Hung Nguyen Vu | h3. Do a testdrive! |
194 | 2 | Sven Nosse | |
195 | I mentioned that I wanted not to use webrick, but for a testdrive, it'll work. This helps finding bugs and errors that might have occured before. |
||
196 | <pre> |
||
197 | cd /var/www/redmine/ |
||
198 | ruby script/rails server webrick -e production |
||
199 | </pre> |
||
200 | Open up a browser and point it to: http://yoursystemname.yourdomain.com:3000 - the default username and password is 'admin'. |
||
201 | If everything is working, you are good to go! Kill webrick by hitting Ctrl+C. |
||
202 | |||
203 | 6 | Hung Nguyen Vu | h3. Activate FCGI and generate plugin directory |
204 | 2 | Sven Nosse | |
205 | To activate the fcgi module you need to copy the example file and edit the very first line. During this step it is recommended to generate the default .htaccess config as well. |
||
206 | <pre> |
||
207 | cd /var/www/redmine/public |
||
208 | mkdir plugin_assets |
||
209 | cp dispatch.fcgi.example dispatch.fcgi |
||
210 | cp htaccess.fcgi.example .htaccess |
||
211 | 1 | Sven Nosse | vi /var/www/redmine/public/dispatch.fcgi |
212 | </pre> |
||
213 | 2 | Sven Nosse | now edit dispatch.fcgi and change it like this... |
214 | <pre> |
||
215 | #!/usr/bin/ruby |
||
216 | ... |
||
217 | </pre> |
||
218 | |||
219 | h3. Apache permissions! |
||
220 | |||
221 | this one is important, so don't miss that one... |
||
222 | 1 | Sven Nosse | <pre> |
223 | 2 | Sven Nosse | chown -R apache:apache /var/www/redmine/ |
224 | 1 | Sven Nosse | </pre> |
225 | 2 | Sven Nosse | |
226 | 6 | Hung Nguyen Vu | Note: "apache" is the user that runs httpd (apache) service, as defined in /etc/password and /etc/httpd/conf/httpd.conf |
227 | |||
228 | 2 | Sven Nosse | h3. Getting Apache to work with FastCGI |
229 | |||
230 | Unfortunately the default Repo from CentOS cannot deliver the fcgid module so it is important to include a replo, that can deliver this package. I use the Fedora Repo so it is time to activate this... Again - this can change so please take care which repository to use. |
||
231 | <pre> |
||
232 | rpm --import https://fedoraproject.org/static/0608B895.txt |
||
233 | wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm |
||
234 | rpm -ivh epel-release-6-7.noarch.rpm |
||
235 | yum -y install mod_fcgid |
||
236 | </pre> |
||
237 | |||
238 | 6 | Hung Nguyen Vu | h3. Set the file path for Redmine |
239 | 2 | Sven Nosse | |
240 | I wanted to move the files to another location, so I decided to move them to /opt/redmine |
||
241 | <pre> |
||
242 | 6 | Hung Nguyen Vu | mkdir -p /opt/redmine/files |
243 | 2 | Sven Nosse | chown -R apache:apache /opt/redmine |
244 | </pre> |
||
245 | now edit the configuration |
||
246 | <pre> |
||
247 | cd /var/www/redmine/config |
||
248 | cp configuration.yml.example configuration.yml |
||
249 | vi /var/www/redmine/config/configuration.yml |
||
250 | </pre> |
||
251 | edit the path settings inside this file... |
||
252 | <pre> |
||
253 | ... |
||
254 | attachments_storage_path: /opt/redmine/files |
||
255 | ... |
||
256 | </pre> |
||
257 | |||
258 | h3. Telling Apache to serve REDMINE |
||
259 | |||
260 | The final step is to tell apache, where to find Redmine and what to do with it. Generate a new conf file for your virtual host to serve redmine... |
||
261 | <pre> |
||
262 | vi /etc/httpd/conf.d/redmine.conf |
||
263 | </pre> |
||
264 | and enter the following config (adjust to your needs ;) ) |
||
265 | <pre> |
||
266 | <VirtualHost *:80> |
||
267 | ServerName yoursystemname.yourdomain.com |
||
268 | ServerAdmin yourmail@yourdomain.com |
||
269 | DocumentRoot /var/www/redmine/public/ |
||
270 | ErrorLog logs/redmine_error_log |
||
271 | |||
272 | MaxRequestLen 20971520 |
||
273 | |||
274 | <Directory "/var/www/redmine/public/"> |
||
275 | |||
276 | Options Indexes ExecCGI FollowSymLinks |
||
277 | Order allow,deny |
||
278 | Allow from all |
||
279 | AllowOverride all |
||
280 | </Directory> |
||
281 | </VirtualHost> |
||
282 | </pre> |
||
283 | Restart Apache and cross your fingers, wheter you can access http://yoursystemname.yourdomain.com - redmine should be available right now... |
||
284 | <pre> |
||
285 | service httpd restart |
||
286 | </pre> |
||
287 | |||
288 | h3. Additional Config: E-Mail System |
||
289 | |||
290 | 1 | Sven Nosse | in order to get emails sent to your clients, edit the configuration.yml and enter your server settings... |
291 | <pre> |
||
292 | vi /var/www/redmine/config/configuration.yml |
||
293 | </pre> |
||
294 | now find the settings for your server... the following settings describe an anonymous relay on an internal server. You need to remove the username and password line if you use anonymous sign on. |
||
295 | <pre> |
||
296 | ... |
||
297 | default: |
||
298 | # Outgoing emails configuration (see examples above) |
||
299 | email_delivery: |
||
300 | delivery_method: :smtp |
||
301 | smtp_settings: |
||
302 | address: mailserver.yourdomain.com |
||
303 | port: 25 |
||
304 | domain: yourdomain.com |
||
305 | ... |
||
306 | </pre> |
||
307 | |||
308 | 6 | Hung Nguyen Vu | Here is the configration if you use Google's SMTP server |
309 | |||
310 | <pre> |
||
311 | production: |
||
312 | email_delivery: |
||
313 | delivery_method: :smtp |
||
314 | smtp_settings: |
||
315 | # tls: true |
||
316 | enable_starttls_auto: true |
||
317 | address: "smtp.gmail.com" |
||
318 | port: '587' |
||
319 | domain: "smtp.gmail.com" |
||
320 | authentication: :plain |
||
321 | user_name: "google-account-name@domain-name.domain-extension" |
||
322 | password: "password" |
||
323 | </pre> |
||
324 | |||
325 | |||
326 | 1 | Sven Nosse | h2. Getting Subversion working |
327 | 2 | Sven Nosse | |
328 | After getting Redmine working, it is time to get Subversion working... The goal is to integrate the repositories inside Redmine and host them on the same server... |
||
329 | |||
330 | h3. Installing Packages for Subversion |
||
331 | |||
332 | Install the following packages |
||
333 | 1 | Sven Nosse | <pre> |
334 | 2 | Sven Nosse | yum -y install mod_dav_svn subversion subversion-ruby |
335 | </pre> |
||
336 | |||
337 | h3. Linking authentication for Redmine |
||
338 | |||
339 | Redmine provides a perl module to handle Apache authentication on SVN DAV repositories. First step is to link that module into the search path |
||
340 | <pre> |
||
341 | mkdir /usr/lib/perl5/vendor_perl/Apache |
||
342 | ln -s /var/www/redmine/extra/svn/Redmine.pm /usr/lib/perl5/vendor_perl/Apache/Redmine.pm |
||
343 | </pre> |
||
344 | |||
345 | 6 | Hung Nguyen Vu | h3. Creating repository for subversion |
346 | 2 | Sven Nosse | |
347 | create a path and set permissions for your SVN repo... |
||
348 | <pre> |
||
349 | mkdir /opt/subversion |
||
350 | chown -R apache:apache /opt/subversion |
||
351 | </pre> |
||
352 | |||
353 | 6 | Hung Nguyen Vu | h3. Edit virtual host for apache to serve SVN with redmine |
354 | 2 | Sven Nosse | |
355 | to get Apache working with subversion, you need to adjust (create) the virtual host file |
||
356 | <pre> |
||
357 | vi /etc/httpd/conf.d/subversion.conf |
||
358 | </pre> |
||
359 | now enter/edit the following |
||
360 | <pre> |
||
361 | PerlLoadModule Apache::Redmine |
||
362 | <Location /svn> |
||
363 | DAV svn |
||
364 | SVNParentPath "/opt/subversion" |
||
365 | SVNListParentPath on |
||
366 | Order deny,allow |
||
367 | Deny from all |
||
368 | Satisfy any |
||
369 | LimitXMLRequestBody 0 |
||
370 | SVNPathAuthz off |
||
371 | |||
372 | PerlAccessHandler Apache::Authn::Redmine::access_handler |
||
373 | PerlAuthenHandler Apache::Authn::Redmine::authen_handler |
||
374 | AuthType Basic |
||
375 | AuthName "Redmine SVN Repository" |
||
376 | |||
377 | Require valid-user |
||
378 | RedmineDSN "DBI:mysql:database=redmine;host=localhost:3306" |
||
379 | RedmineDbUser "redmine" |
||
380 | RedmineDbPass "OuaWe0HXidr39X" |
||
381 | |||
382 | # cache max. 50 passwords |
||
383 | RedmineCacheCredsMax 50 |
||
384 | </Location> |
||
385 | </pre> |