Project

General

Profile

Redmine 203 with Subversion and LDAP Authentication (for Redmine and Subversion through Redmine) on Centos 6 i386 - detailed » History » Version 9

Hung Nguyen Vu, 2012-08-30 10:45

1 7 Hung Nguyen Vu
h1. Redmine 2.0.3 on Centos 6.3
2 2 Sven Nosse
3
{{>toc}}
4
5
h2. Introduction
6
7 6 Hung Nguyen Vu
Our company was using the BITNAMI stack with Redmine and Subversion for our production environment. So the goal was about changing the server and migrating the data from Redmine 1.4 to Redmine 2.0.3 including getting all repositories and permissions preserved. 
8 1 Sven Nosse
9 6 Hung Nguyen Vu
I've tried to avoid webrick but rather use the fastCGI Module for Apache2. 
10
11
12
Second was converting the built-in accounts from the database to LDAP (ActiveDirectory). This is the result of 2 days of work and googling is this little tutorial for setting up a mentioned box doing exactly this stuff. We are using CentOS 6 (i386) for that task. 
13
14
# Please excuse my bad english for I am not used anymore to post long instruction manuals. Feel free to edit whatever you want. 
15
16
First of all, I tend to use vi so if you cannot operate vi I'd recommend to use any editor you like. If my instruction tells you to edit a file, you can find the sequence "..." which means, there is something above or below that line of text, that needs to be edited. Do not include those dots... 
17
18 1 Sven Nosse
h2. Assumptions
19
20 2 Sven Nosse
* You have a CentOS 6.3 installation (minimum install) working and SSH access to your box
21 6 Hung Nguyen Vu
* You can access the Internet
22
* You are logged in as root
23 1 Sven Nosse
24 6 Hung Nguyen Vu
h2. Redmine Installation Instruction
25 2 Sven Nosse
26
My personal flavour is to use as less self compiled packages as necessary to get the package up and runnning. So I try to use as many repository packages as possible.
27
28 6 Hung Nguyen Vu
h3. Turn off SE-Linux
29 3 Sven Nosse
30 6 Hung Nguyen Vu
I spent a lot of time to find out, that selinux can be a real party pooper. So I strongly recommend to disable that first before installing anything else. You can find a tutorial inside the howto section describing how to enable SELinux for your installation.
31 2 Sven Nosse
<pre>
32
vi /etc/selinux/config
33
</pre>
34
35 1 Sven Nosse
find the line with SELINUX and set it to
36 2 Sven Nosse
<pre>
37
...
38
SELINUX=disabled
39
...
40
</pre>
41
Do a reboot *NOW*
42
43 6 Hung Nguyen Vu
h3. Install basic services (Apache, mySQL, and several tools...)
44 2 Sven Nosse
45 9 Hung Nguyen Vu
Now we are good to go to install some tools that might be useful during our installation... 
46
47
First of all, update your system, make sure it is up to date,
48 1 Sven Nosse
<pre>
49
yum update
50 9 Hung Nguyen Vu
</pre>
51
52
and then install some prerequisite packages to the setup,
53
<pre>
54
yum -y install wget vim \\
55
       system-config-network system-config-firewall vim openssh-clients
56
</pre>
57
58
anhd some packages needed for Redmine
59
<pre>
60 2 Sven Nosse
yum -y install httpd mysql mysql-server 
61 1 Sven Nosse
</pre>
62 2 Sven Nosse
After that continue and install all packages that might be necessary during the ruby and redmine installation.
63
<pre>
64
yum -y install ruby rubygems 
65 6 Hung Nguyen Vu
yum -y install zlib-devel curl-devel openssl-devel httpd-devel apr-devel apr-util-devel mysql-devel gcc ruby-devel \\
66
      gcc-c++ make postgresql-devel ImageMagick-devel sqlite-devel perl-LDAP mod_perl perl-Digest-SHA
67 2 Sven Nosse
</pre>
68
69
h3. Configure basic services
70
71 6 Hung Nguyen Vu
Let's configure the basic services, first of all, make mySQL and Apache to start at boot
72 2 Sven Nosse
<pre>
73
chkconfig httpd on --level 2345
74
chkconfig mysqld on --level 2345
75
</pre>
76
After configuring these, start them up
77
<pre>
78
service httpd start
79
service mysqld start
80
</pre>
81
Now configure your new mySQL Installation and follow the instructions. Please note the mysql administrator password.
82
<pre>
83
/usr/bin/mysql_secure_installation
84
</pre>
85
86
h3. Configure passenger for Apache
87
88
You need to install passenger for Apache using gem. Do the following on the command line
89
<pre>
90
gem install passenger
91
passenger-install-apache2-module
92
</pre>
93
Please notice the installation messages! The next .conf file might use another path or version! 
94
After this you need to generate a conf file with the displayed content
95
<pre>
96
vi /etc/httpd/conf.d/ruby.conf
97
</pre>
98
During my installation the following content was displayed and needs to be entered in that file:
99
<pre>
100
   LoadModule passenger_module /usr/lib/ruby/gems/1.8/gems/passenger-3.0.15/ext/apache2/mod_passenger.so
101
   PassengerRoot /usr/lib/ruby/gems/1.8/gems/passenger-3.0.15
102
   PassengerRuby /usr/bin/ruby
103
</pre>
104
Restart your apache with
105
<pre>
106
service httpd restart
107
</pre>
108
109 1 Sven Nosse
h3. Get Redmine and install it
110
111
change to your home directory and download the latest version, expand it and copy it to the right place.
112
<pre>
113
cd
114
wget http://rubyforge.org/frs/download.php/76259/redmine-2.0.3.tar.gz
115
tar xvfz redmine-2.0.3.tar.gz
116
mkdir /var/www/redmine
117
cp -av redmine-2.0.3/* /var/www/redmine
118
</pre>
119 6 Hung Nguyen Vu
120
or you can do
121
122
<pre>
123
cd /var/www
124
wget http://rubyforge.org/frs/download.php/76259/redmine-2.0.3.tar.gz
125
tar xvfz redmine-2.0.3.tar.gz
126
mkdir -p /var/www/redmine
127
ln -s redmine-2.0 redmine
128
</pre>
129
130 1 Sven Nosse
Next is to install bundler and let it install the production environment (with automatic resolve)
131
Now change to this directory - *this is your new Redmine application directory!*
132 2 Sven Nosse
<pre>
133
cd /var/www/redmine
134
gem install bundler
135
bundle install --without development test
136
</pre>
137
fetch some coffee... this might take some time... 
138
139
h3. Create Redmine database
140
141 6 Hung Nguyen Vu
Next to generate a new database for redmine
142
Log on to your datbase with the following command. If prompted for a password, enter it.
143 2 Sven Nosse
<pre>
144
mysql -u root -p
145
</pre>
146
I tend to create a local only user for that database, change the password 'very_secret' to a better one :)
147
<pre>
148
create database redmine character set utf8;
149
create user 'redmine'@'localhost' identified by 'very_secret';
150
grant all privileges on redmine.* to 'redmine'@'localhost'; 
151
quit;
152
</pre>
153
154
h3. Configure Redmine
155
156
First of all, copy the example config to a productive one and edit the config for your needs
157
<pre>
158
cd /var/www/redmine/config
159
cp database.yml.example database.yml
160
vi /var/www/redmine/config/database.yml
161
</pre>
162
Now find the production section inside this file and edit it like that
163
<pre>
164
...
165
production:
166
  adapter: mysql
167
  database: redmine
168
  host: localhost
169
  username: redmine
170
  password: very_secret
171
  encoding: utf8
172
...
173
</pre>
174
Head back to your application directory and generate a secret token
175
<pre>
176
cd /var/www/redmine/
177
rake generate_secret_token
178
</pre>
179 1 Sven Nosse
Now it is about time to generate the database structure (application directory!)
180
<pre>
181 2 Sven Nosse
cd /var/www/redmine/
182
RAILS_ENV=production rake db:migrate
183
</pre>
184
fill the database with default values...
185 1 Sven Nosse
<pre>
186 2 Sven Nosse
cd /var/www/redmine/
187
RAILS_ENV=production rake redmine:load_default_data
188
</pre>
189
follow the instructions to select your language.
190
191 6 Hung Nguyen Vu
h3. Mind the firewall!
192 2 Sven Nosse
193 6 Hung Nguyen Vu
Be aware that the firewall is enabled by default (which is good!). So if you know which ports to open, do it now or disable the firewall (just for testing purposes). I'd really recommend disabling the firewall during installation and enable it (opening ports) after you are sure that everything works.
194 1 Sven Nosse
<pre>
195 2 Sven Nosse
system-config-firewall
196
</pre>
197
use the onscreen menu to disable it or adjust the values.
198
199 8 Hung Nguyen Vu
or simply disable iptables during Redmine's setup
200
<pre>
201
service iptables stop
202
</pre>
203
204 6 Hung Nguyen Vu
h3. Do a testdrive!
205 2 Sven Nosse
206
I mentioned that I wanted not to use webrick, but for a testdrive, it'll work. This helps finding bugs and errors that might have occured before.
207
<pre>
208
cd /var/www/redmine/
209
ruby script/rails server webrick -e production
210
</pre>
211
Open up a browser and point it to: http://yoursystemname.yourdomain.com:3000 - the default username and password is 'admin'.
212
If everything is working, you are good to go! Kill webrick by hitting Ctrl+C.
213
214 6 Hung Nguyen Vu
h3. Activate FCGI and generate plugin directory
215 2 Sven Nosse
216
To activate the fcgi module you need to copy the example file and edit the very first line. During this step it is recommended to generate the default .htaccess config as well.
217
<pre>
218
cd /var/www/redmine/public
219
mkdir plugin_assets
220
cp dispatch.fcgi.example dispatch.fcgi
221
cp htaccess.fcgi.example .htaccess
222 1 Sven Nosse
vi /var/www/redmine/public/dispatch.fcgi
223
</pre>
224 2 Sven Nosse
now edit dispatch.fcgi and change it like this...
225
<pre>
226
#!/usr/bin/ruby
227
...
228
</pre>
229
230
h3. Apache permissions!
231
232
this one is important, so don't miss that one... 
233 1 Sven Nosse
<pre>
234 2 Sven Nosse
chown -R apache:apache /var/www/redmine/
235 1 Sven Nosse
</pre>
236 2 Sven Nosse
237 6 Hung Nguyen Vu
Note: "apache" is the user that runs httpd (apache) service, as defined in /etc/password and /etc/httpd/conf/httpd.conf 
238
239 2 Sven Nosse
h3. Getting Apache to work with FastCGI
240
241
Unfortunately the default Repo from CentOS cannot deliver the fcgid module so it is important to include a replo, that can deliver this package. I use the Fedora Repo so it is time to activate this... Again - this can change so please take care which repository to use.
242
<pre>
243
rpm --import https://fedoraproject.org/static/0608B895.txt
244
wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-7.noarch.rpm
245
rpm -ivh epel-release-6-7.noarch.rpm
246
yum -y install mod_fcgid
247
</pre>
248
249 6 Hung Nguyen Vu
h3. Set the file path for Redmine
250 2 Sven Nosse
251
I wanted to move the files to another location, so I decided to move them to /opt/redmine
252
<pre>
253 6 Hung Nguyen Vu
mkdir -p /opt/redmine/files
254 2 Sven Nosse
chown -R apache:apache /opt/redmine
255
</pre>
256
now edit the configuration
257
<pre>
258
cd /var/www/redmine/config
259
cp configuration.yml.example configuration.yml
260
vi /var/www/redmine/config/configuration.yml
261
</pre>
262
edit the path settings inside this file...
263
<pre>
264
...
265
  attachments_storage_path: /opt/redmine/files
266
...
267
</pre>
268
269
h3. Telling Apache to serve REDMINE
270
271
The final step is to tell apache, where to find Redmine and what to do with it. Generate a new conf file for your virtual host to serve redmine...
272
<pre>
273
vi /etc/httpd/conf.d/redmine.conf
274
</pre>
275
and enter the following config (adjust to your needs ;) )
276
<pre>
277
<VirtualHost *:80>
278
        ServerName yoursystemname.yourdomain.com
279
        ServerAdmin yourmail@yourdomain.com
280
        DocumentRoot /var/www/redmine/public/
281
        ErrorLog logs/redmine_error_log
282
283
        MaxRequestLen 20971520
284
285
        <Directory "/var/www/redmine/public/">
286
287
                Options Indexes ExecCGI FollowSymLinks
288
                Order allow,deny
289
                Allow from all
290
                AllowOverride all
291
        </Directory>
292
</VirtualHost>
293
</pre>
294
Restart Apache and cross your fingers, wheter you can access http://yoursystemname.yourdomain.com - redmine should be available right now...
295
<pre>
296
service httpd restart
297
</pre>
298
299
h3. Additional Config: E-Mail System
300
301 1 Sven Nosse
in order to get emails sent to your clients, edit the configuration.yml and enter your server settings...
302
<pre>
303
vi /var/www/redmine/config/configuration.yml
304
</pre>
305
now find the settings for your server... the following settings describe an anonymous relay on an internal server. You need to remove the username and password line if you use anonymous sign on.
306
<pre>
307
...
308
default:
309
  # Outgoing emails configuration (see examples above)
310
  email_delivery:
311
    delivery_method: :smtp
312
    smtp_settings:
313
      address: mailserver.yourdomain.com
314
      port: 25
315
      domain: yourdomain.com
316
...
317
</pre>
318
319 6 Hung Nguyen Vu
Here is the configration if you use Google's SMTP server
320
321
<pre>
322
production:
323
  email_delivery:
324
    delivery_method: :smtp
325
    smtp_settings:
326
#      tls: true
327
      enable_starttls_auto: true
328
      address: "smtp.gmail.com"
329
      port: '587'
330
      domain: "smtp.gmail.com"
331
      authentication: :plain
332
      user_name: "google-account-name@domain-name.domain-extension"
333
      password: "password"
334
</pre>
335
336
337 1 Sven Nosse
h2. Getting Subversion working
338 2 Sven Nosse
339
After getting Redmine working, it is time to get Subversion working... The goal is to integrate the repositories inside Redmine and host them on the same server...
340
341
h3. Installing Packages for Subversion
342
343
Install the following packages
344 1 Sven Nosse
<pre>
345 2 Sven Nosse
yum -y install mod_dav_svn subversion subversion-ruby
346
</pre>
347
348
h3. Linking authentication for Redmine
349
350
Redmine provides a perl module to handle Apache authentication on SVN DAV repositories. First step is to link that module into the search path
351
<pre>
352
mkdir /usr/lib/perl5/vendor_perl/Apache
353
ln -s /var/www/redmine/extra/svn/Redmine.pm /usr/lib/perl5/vendor_perl/Apache/Redmine.pm
354
</pre>
355
356 6 Hung Nguyen Vu
h3. Creating repository for subversion
357 2 Sven Nosse
358
create a path and set permissions for your SVN repo...
359
<pre>
360
mkdir /opt/subversion
361
chown -R apache:apache /opt/subversion
362
</pre>
363
364 6 Hung Nguyen Vu
h3. Edit virtual host for apache to serve SVN with redmine
365 2 Sven Nosse
366
to get Apache working with subversion, you need to adjust (create) the virtual host file
367
<pre>
368
vi /etc/httpd/conf.d/subversion.conf
369
</pre>
370
now enter/edit the following
371
<pre>
372
PerlLoadModule Apache::Redmine
373
<Location /svn>
374
        DAV svn
375
        SVNParentPath "/opt/subversion"
376
        SVNListParentPath on
377
        Order deny,allow
378
        Deny from all
379
        Satisfy any
380
        LimitXMLRequestBody 0
381
        SVNPathAuthz off
382
383
        PerlAccessHandler Apache::Authn::Redmine::access_handler
384
        PerlAuthenHandler Apache::Authn::Redmine::authen_handler
385
        AuthType Basic
386
        AuthName "Redmine SVN Repository"
387
388
        Require valid-user
389
        RedmineDSN "DBI:mysql:database=redmine;host=localhost:3306"
390
        RedmineDbUser "redmine"
391
        RedmineDbPass "OuaWe0HXidr39X"
392
393
        # cache max. 50 passwords
394
        RedmineCacheCredsMax 50
395
</Location>
396
</pre>