[rt-users] Best Practice RE Mail Server
I'm pretty sure this has been hashed and rehashed on this list, but a google search this morning turned up nothing definitive, so I will ask: I am reconfiguring a twisted RT installation (3.6, but moving toward 4.0). We already have a mail server (sendmail) running on another server. For incoming and outgoing email I thought of three differrent options: * *OPTION A: Re-addressed* Incoming mail comes into the mail server and is readdressed to RT server and forwarded Outgoing mail coming from the RT server goes to the mail server and is readdressed before going out to the world Pro: one mail server to admin; Con: pain to set up, * *OPTION B: Redirect* Incoming mail comes into the mail server and is redirected to the RT server Outgoing mail coming from the RT server goes to the mail server and is redirected to the rest of the world Pro: one mail server, simpler to set up; Con: less of a setup pain, but still * *OPTION C: Direct* Incoming mail goes straight to the RT server Outgoing mail coming from the RT server goes out to the world directly Pro: Simple to set up; Con: two mail servers to deal with What is the best practice (or failing that, Most Common Practice) among RT administrators? Wes Modes University of California, Santa Cruz RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA October 31 November 1, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] Best Practice RE Mail Server
Thanks for the suggestion. With this however, doesn't sendmail have to be running on the Rt Server anyway to process all the incoming mail and execute RT scripts? For simplicities sake, I'm leaning more and more toward all mail coming into and going out from the RT server. What are the disadvantages to this approach? Wes On 10/25/2011 1:24 PM, Francisco Jen Ou wrote: Hi, My suggestion: - incoming email to sendmail and aliased by it to something like rt_queue_name@rt_server.domain.com (where rt_server.domain.com resolves to RT server's internal net IP). - outgoing email sent directly by RT server (don't forget to set $SMTPFrom correctly) This way, there will be only one server to manage (though you will need to setup mailgate on RT server once). Em 25-10-2011 16:59, Wes Modes escreveu: I'm pretty sure this has been hashed and rehashed on this list, but a google search this morning turned up nothing definitive, so I will ask: I am reconfiguring a twisted RT installation (3.6, but moving toward 4.0). We already have a mail server (sendmail) running on another server. For incoming and outgoing email I thought of three differrent options: * *OPTION A: Re-addressed* Incoming mail comes into the mail server and is readdressed to RT server and forwarded Outgoing mail coming from the RT server goes to the mail server and is readdressed before going out to the world Pro: one mail server to admin; Con: pain to set up, * *OPTION B: Redirect* Incoming mail comes into the mail server and is redirected to the RT server Outgoing mail coming from the RT server goes to the mail server and is redirected to the rest of the world Pro: one mail server, simpler to set up; Con: less of a setup pain, but still * *OPTION C: Direct* Incoming mail goes straight to the RT server Outgoing mail coming from the RT server goes out to the world directly Pro: Simple to set up; Con: two mail servers to deal with What is the best practice (or failing that, Most Common Practice) among RT administrators? Wes Modes University of California, Santa Cruz RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA — October 31 November 1, 2011 * Barcelona, Spain — November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA October 31 November 1, 2011 * Barcelona, Spain November 28 29, 2011 RT Training Sessions (http://bestpractical.com/services/training.html) * Washington DC, USA October 31 November 1, 2011 * Barcelona, Spain November 28 29, 2011
Re: [rt-users] ExternalAuth help needed
problems later. 'attr_match_list' = ['Name', 'EmailAddress', ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'gecos', 'WorkPhone' = 'telephoneNumber', } }, # An example SSO cookie service 'My_SSO_Cookie' = { # # The type of service (db/ldap/cookie) 'type' = 'cookie', # The name of the cookie to be used 'name' = 'loginCookieValue', # The users table 'u_table' = 'users', # The username field in the users table 'u_field' = 'username', # The field in the users table that uniquely identifies a user # and also exists in the cookies table 'u_match_key' = 'userID', # The cookies table 'c_table' = 'login_cookie', # The field that stores cookie values 'c_field' = 'loginCookieValue', # The field in the cookies table that uniquely identifies a user # and also exists in the users table 'c_match_key' = 'loginCookieUserID', # The DB service in this configuration to use to lookup the cookie information 'db_service_name' = 'My_MySQL' } } ); 1; Any help would be appreciated. Thanks. Wes On 1/12/2011 4:14 PM, Kevin Falcone wrote: On Wed, Jan 12, 2011 at 04:01:08PM -0800, Wes Modes wrote: [Wed Jan 12 23:31:22 2011] [error]: AUTH FAILED, Couldn't Load Password Encryption Package. Error: Can't locate Crypt/MySQL.pm in @INC (@INC contains: /usr/local/rt/lib What are you doing to load that? You should send along the other parts of your RT_SiteConfig.pm, it appears you've got something 'interesting' running. Did you tell RT-Authen-ExternalAuth to look at LDAP and a mysql database? -kevin
Re: [rt-users] ExternalAuth help needed
Maybe, but then this isn't what is causing the error, no? Also, memberOf is one way of implementing groups. That is a one-to-many record within the user record. If you don't have memberOf implemented within your LDAP, then you can have a group record that contains a list of userIDs. Wes On 1/12/2011 9:08 AM, Joachim Thuau wrote: # Does authentication depend on group membership? What group name? 'group' = 'staff', # What is the attribute for the group object that determines membership? 'group_attr'= 'ou=group,dc=ucsc,dc=edu', I believe what you want there is: 'group_attr' = 'memberOf' As in the name of the attribute that would have the value staff (from your config). HTH Jok
Re: [rt-users] ExternalAuth help needed
Kevin, you said the error is clear. but it seems less than clear to me. Especially since I have no problem connecting to ldap with ldapsearch using the same DN. Are we stalled out here, then? If this forum can not offer help, any suggestions where to turn to for help? In my experience with other software, LDAP is one of the simplest integrations possible. In total one has to configure maybe three, maybe four things. The server FQDN, maybe the port, the base DN, and maybe the root DN. Voila! That's it! LDAP integration. I have a difficult time believing that RT is so difficult to integrate with LDAP, that there is so little step-by-step documentation, and that the user forums offer so little help. This has been a surprisingly difficult process, but I'd still like to be proved completely wrong. Wes On 1/11/2011 7:43 AM, Kevin Falcone wrote: On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote: I am using ExternalAuth to connect RT3.8.8 to LDAP. Detailed documentation seems to be woefully absent, and I've scoured the web and tried the dozens of conflicting suggestions, so I'm turning to y'all. Here's the error I get: [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) The error seems clear, something in your username or password isn't valid DN syntax according to your server. Try connecting using the ldapsearch command line client. -kevin Here's the LDAP section from my RT_Authen-ExternalAuth.pm 'My_LDAP' = { ## GENERIC SECTION # The type of service (db/ldap/cookie) 'type' = 'ldap', # The server hosting the service 'server'= 'dir1.library.ucsc.edu', ## SERVICE-SPECIFIC SECTION # If you can bind to your LDAP server anonymously you should # remove the user and pass config lines, otherwise specify them here: # # The username RT should use to connect to the LDAP server 'user' = 'cn=admin,dc=ucsc,dc=edu', # The password RT should use to connect to the LDAP server 'pass'= 'PASSWORD', # # The LDAP search base 'base' = 'ou=people,dc=ucsc,dc=edu', # # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES! # YOU **MUST** SPECIFY A filter AND A d_filter!! # # The filter to use to match RT-Users 'filter'= '(objectClass=person)', # A catch-all example filter: '(objectClass=*)' # # The filter that will only match disabled users 'd_filter' = '(objectClass=FooBarBaz)', # A catch-none example d_filter: '(objectClass=FooBarBaz)' # # Should we try to use TLS to encrypt connections? 'tls' = 0, # SSL Version to provide to Net::SSLeay *if* using SSL 'ssl_version' = 3, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'staff', # What is the attribute for the group object that determines membership? 'group_attr'= 'ou=group,dc=ucsc,dc=edu', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user # This example shows what you *can* specify.. I recommend reducing this # to just the Name and EmailAddress to save encountering problems later. 'attr_match_list' = ['Name', 'EmailAddress', ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'gecos', 'WorkPhone' = 'telephoneNumber', } }, What more do you need to know to help me get this working? Wes
Re: [rt-users] ExternalAuth help needed
I've confirmed that the user rjohnson can indeed login to other services via LDAP. However, he can't login to rt. Looking closer, here's all the rt.log says about the failed login attempt: [Wed Jan 12 23:21:18 2011] [error]: FAILED LOGIN for rjohnson from 128.114.163.50 (/usr/lib/rt/RT/Interface/Web.pm:424) Where did the original error I reported go? Beats me? Here's what ldap.log says on the LDAP server: Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 fd=48 ACCEPT from IP=128.114.163.13:407 52 (IP=0.0.0.0:389) Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 op=0 BIND dn=cn=admin,dc=ucsc,dc=edu method=128 Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 op=0 BIND dn=cn=admin,dc=ucsc,dc=edu mech=SIMPLE ssf=0 Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 op=0 RESULT tag=97 err=0 text= Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 op=1 SRCH base=ou=people,dc=ucsc,dc=ed u scope=2 deref=2 filter=((objectClass=person)(uid=rjohnson)) Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 op=1 SRCH attr=telephoneNumber cn mail uid gecos uid Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 op=1 SEARCH RESULT tag=101 err=0 nentri es=1 text= Jan 12 15:21:18 dir1 slapd2.4[2475]: conn=614436 fd=48 closed (connection lost) Jan 12 15:21:19 dir1 slapd2.4[2475]: conn=614435 op=4 UNBIND Jan 12 15:21:19 dir1 slapd2.4[2475]: conn=614435 fd=39 closed However, when I login as another user, one that has a local rt login, I get this in the rt.log: [Wed Jan 12 23:31:22 2011] [critical]: Search for (ou=group,dc=ucsc,dc=edu=uid=wmodes,ou=people,dc=ucsc,dc=edu) failed: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:116) [Wed Jan 12 23:31:22 2011] [error]: AUTH FAILED, Couldn't Load Password Encryption Package. Error: Can't locate Crypt/MySQL.pm in @INC (@INC contains: /usr/local/rt/lib /usr/local/rt/plugins/RT-Extension-ExtractCustomFieldValues/lib /usr/local/rt/plugins/RT-Authen-ExternalAuth/lib /usr/lib/rt /usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/site_perl/5.8.8 /usr/lib/perl5/site_perl /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/vendor_perl/5.8.8 /usr/lib/perl5/vendor_perl /usr/lib64/perl5/5.8.8/x86_64-linux-thread-multi /usr/lib/perl5/5.8.8 . /etc/httpd) at (eval 4588) line 3, DATA line 440. Stack: [(eval 4588):3] [/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:330] [/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth.pm:156] [/usr/local/rt/plugins/RT-Authen-ExternalAuth/html/Callbacks/ExternalAuth/autohandler/Auth:25] [/usr/lib/rt/RT/Interface/Web.pm:202] [/var/rt/html/autohandler:53] (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:70) [Wed Jan 12 23:31:22 2011] [error]: My_MySQL AUTH FAILED The encryption package you gave me ( Crypt::MySQL ) does not support the encryption method you specified ( password ) (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/DBI.pm:99) It looks like you are right about the group setting being messed up, but does that explain the failure of the first login? There may be multiple things messed up and prove conclusively that two wrongs do not make a right. Wes On 1/12/2011 3:05 PM, Kevin Falcone wrote: On Wed, Jan 12, 2011 at 03:00:30PM -0800, Wes Modes wrote: Kevin, you said the error is clear. but it seems less than clear to me. Especially since I have no problem connecting to ldap with ldapsearch using the same DN. Are we stalled out here, then? If this forum can not offer help, any suggestions where to turn to for help? In my experience with other software, LDAP is one of the simplest integrations possible. In total one has to configure maybe three, maybe four things. The server FQDN, maybe the port, the base DN, and maybe the root DN. Voila! That's it! LDAP integration. I have a difficult time believing that RT is so difficult to integrate with LDAP, that there is so little step-by-step documentation, and that the user forums offer so little help. This has been a surprisingly difficult process, but I'd still like to be proved completely wrong. Wes, plenty of folks have this working and I've set it up more times than I can count. You've cherry picked an error that tells me that your LDAP server is rejecting the connection attempt. What do your LDAP logs say? As someone observed, your group settings look interestingly wrong, but since I'm staring at one log line it's kind of hard to tell if this is the initial bind or a later bind failure. -kevin On 1/11/2011 7:43 AM, Kevin Falcone wrote: On Mon, Jan 10, 2011 at 06:03:37PM -0800, Wes Modes wrote: I am using
Re: [rt-users] ExternalAuth help needed
The machine name is specified elsewhere, but that is what the root DN looks like. Now whether that is the right format for that variable value or not, I don't know. W. On 1/11/2011 5:49 AM, Josh Narins wrote: I have fiddled only a little with LDAP. The error message sounds like it isn't recognizing something as a DN. To me, your username doesn't look quite right. Is there really an LDAP server at ucsc.edu? Shouldn't it be more like DC=ldap1,DC=ucsc,DC=edu, to specify the machine name? I'm not even very good with windows, so, I could be way off, here. // *Josh Narins* Director of Application Development SeniorBridge 845 Third Ave 7th Floor New York, NY 10022 Tel: (212) 994-6194 Fax: (212) 994-4260 Mobile: (917) 488-6248 jnar...@seniorbridge.com seniorbridge.com http://www.seniorbridge.com/ SeniorBridge *SeniorBridge Statement of Confidentiality:* The contents of this email message are intended for the exclusive use of the addressee(s) and may contain confidential or privileged information. Any dissemination, distribution or copying of this email by an unintended or mistaken recipient is strictly prohibited. In said event, kindly reply to the sender and destroy all entries of this message and any attachments from your system. Thank you. *From:*rt-users-boun...@lists.bestpractical.com [mailto:rt-users-boun...@lists.bestpractical.com] *On Behalf Of *Wes Modes *Sent:* Monday, January 10, 2011 9:04 PM *To:* RT Users *Subject:* [rt-users] ExternalAuth help needed I am using ExternalAuth to connect RT3.8.8 to LDAP. Detailed documentation seems to be woefully absent, and I've scoured the web and tried the dozens of conflicting suggestions, so I'm turning to y'all. Here's the error I get: [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) Here's the LDAP section from my RT_Authen-ExternalAuth.pm 'My_LDAP' = { ## GENERIC SECTION # The type of service (db/ldap/cookie) 'type' = 'ldap', # The server hosting the service 'server'= 'dir1.library.ucsc.edu', ## SERVICE-SPECIFIC SECTION # If you can bind to your LDAP server anonymously you should # remove the user and pass config lines, otherwise specify them here: # # The username RT should use to connect to the LDAP server 'user' = 'cn=admin,dc=ucsc,dc=edu', # The password RT should use to connect to the LDAP server 'pass'= 'PASSWORD', # # The LDAP search base 'base' = 'ou=people,dc=ucsc,dc=edu', # # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES! # YOU **MUST** SPECIFY A filter AND A d_filter!! # # The filter to use to match RT-Users 'filter'= '(objectClass=person)', # A catch-all example filter: '(objectClass=*)' # # The filter that will only match disabled users 'd_filter' = '(objectClass=FooBarBaz)', # A catch-none example d_filter: '(objectClass=FooBarBaz)' # # Should we try to use TLS to encrypt connections? 'tls' = 0, # SSL Version to provide to Net::SSLeay *if* using SSL 'ssl_version' = 3, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'staff', # What is the attribute for the group object that determines membership? 'group_attr'= 'ou=group,dc=ucsc,dc=edu', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user # This example shows what you *can* specify.. I recommend reducing this # to just the Name and EmailAddress to save encountering problems later. 'attr_match_list' = ['Name', 'EmailAddress', ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'gecos', 'WorkPhone
[rt-users] ExternalAuth help needed
I am using ExternalAuth to connect RT3.8.8 to LDAP. Detailed documentation seems to be woefully absent, and I've scoured the web and tried the dozens of conflicting suggestions, so I'm turning to y'all. Here's the error I get: [Tue Jan 11 01:41:56 2011] [critical]: RT::Authen::ExternalAuth::LDAP::_GetBoundLdapObj Can't bind: LDAP_INVALID_DN_SYNTAX 34 (/usr/local/rt/plugins/RT-Authen-ExternalAuth/lib/RT/Authen/ExternalAuth/LDAP.pm:467) Here's the LDAP section from my RT_Authen-ExternalAuth.pm 'My_LDAP' = { ## GENERIC SECTION # The type of service (db/ldap/cookie) 'type' = 'ldap', # The server hosting the service 'server'= 'dir1.library.ucsc.edu', ## SERVICE-SPECIFIC SECTION # If you can bind to your LDAP server anonymously you should # remove the user and pass config lines, otherwise specify them here: # # The username RT should use to connect to the LDAP server 'user' = 'cn=admin,dc=ucsc,dc=edu', # The password RT should use to connect to the LDAP server 'pass'= 'PASSWORD', # # The LDAP search base 'base' = 'ou=people,dc=ucsc,dc=edu', # # ALL FILTERS MUST BE VALID LDAP FILTERS ENCASED IN PARENTHESES! # YOU **MUST** SPECIFY A filter AND A d_filter!! # # The filter to use to match RT-Users 'filter'= '(objectClass=person)', # A catch-all example filter: '(objectClass=*)' # # The filter that will only match disabled users 'd_filter' = '(objectClass=FooBarBaz)', # A catch-none example d_filter: '(objectClass=FooBarBaz)' # # Should we try to use TLS to encrypt connections? 'tls' = 0, # SSL Version to provide to Net::SSLeay *if* using SSL 'ssl_version' = 3, # What other args should I pass to Net::LDAP-new($host,@args)? 'net_ldap_args' = [version = 3 ], # Does authentication depend on group membership? What group name? 'group' = 'staff', # What is the attribute for the group object that determines membership? 'group_attr'= 'ou=group,dc=ucsc,dc=edu', ## RT ATTRIBUTE MATCHING SECTION # The list of RT attributes that uniquely identify a user # This example shows what you *can* specify.. I recommend reducing this # to just the Name and EmailAddress to save encountering problems later. 'attr_match_list' = ['Name', 'EmailAddress', ], # The mapping of RT attributes on to LDAP attributes 'attr_map' = { 'Name' = 'uid', 'EmailAddress' = 'mail', 'RealName' = 'cn', 'ExternalAuthId' = 'uid', 'Gecos' = 'gecos', 'WorkPhone' = 'telephoneNumber', } }, What more do you need to know to help me get this working? Wes
Re: [rt-users] Why I am recommending 3.6 over 3.8 to my boss
Agreed. One sysadmin managing a score of mission-critical servers and a half dozen projects does not allow much time for one-offs and special cases. Over my 25 years of sysadmin experience, I've learned that the most efficient thing I can do as a sysadmin is to allow the package management system to do much of my work for me. There are legacy systems I inherited with their spaghetti installations of all special-case software and manual hack builds and their touchy interdependencies that I am still afraid to do much more than basic security updates of the OS. Wes On 11/5/2010 5:11 AM, Vick Khera wrote: On Nov 5, 2010, at 5:26 AM, Robert Grasso wrote: This is my own opinion : as you increase your Unix/Linux/RedHat skills, you will feel less concerned by such issues. As you increase the number of systems you need to manage, you will feel more concerned by such issues. A good package manager to manage all of your software is essential to configuration management on a large scale. We even go so far as to make internal packages of our own software to deploy to the servers -- nothing is manually done, except for the one-off office server which does the file/mail serving. As you note later in your message, you have to manually go in and fix up things when you upgrade other parts of your system. This is the job of your package manager. It does not scale to do this by hand.
[rt-users] Why I am recommending 3.6 over 3.8 to my boss
Dear Boss: I strongly recommend going with the 3.6 version of RT. The install takes a few minutes, and it otherwise meets all the requirements of our project. Migration of old queues is simple. There is cost savings in the near and long-term. There is no rpm of RT3.8 that works for RHEL (32 or 64 bit) and none seem to be forthcoming. Someday perhaps someone will put one together, but it doesn't look like anytime soon. I CAN do a manual install of RT3.8 using the Best Practical install scripts. It is not terribly hard. However, the long-term costs of this are large. The install scripts put all the binaries, configuration files, and libraries in the wrong places for RHEL/CentOS, and working outside the package manager means files could be clobbered at any time. On the other hand, the rpms for RT3.6 use the package manager and put all the config files in /etc, all the perl modules in the perl modules dir, and the various tools in /usr/bin and /usr/sbin. The non-standard install using the scripts creates recurring costs in the future as the system is significantly more difficult to update and harder to maintain, like by a factor of 50 (five minutes compared to 4 hours). Additionally, the cost of migration of old content from 3.6 to 3.8 is unknown. Again, I will install either RT3.6 or RT3.8 but I need you to understand and acknowledge the costs of the choice. Wes Thanks to Gary Greene for the info about his latest centos rpm build.
Re: [rt-users] Frustrating attempts to install RT3.8 from RPM
Paul, sounds like you aren't a long term fan of Fedora, RHEL, or CentOS, so I'm guessing yum feels like an inconvenience to you, especially when it seems to be getting in the way of your desired install. I've been a sysadmin for 20 years and I've never been a fan of the make 'n' break style of system administration. There is no way I could manage a score of machines, many with subtly different hardware, if I had to build every package the old way. As it is, I can spend a few hours monthly updating the OS and all installed software on all of our machines, with a simple yum -y update In my opinion, package managers like apt-get and yum are some of the best things to happen to OS in a very long time. Having installs tracked and managed by package managers keeps complicated OSs and their installed software up-to-date, eases system administration (especially as the server to sysadmin ratio increases), increases scalability, increases sysadmin efficiency, and creates standards for software manufacturers. If as a conservative sysadmin you prefer to operate well-back from the bleeding edge anyway, the small trade-off in control is a small price to pay. It is hardly the package manager's fault if a software manufacturer such as Best Practical and its user community fail to create a package for the latest software. Compare that to software whose RPMs are kept relatively up-to-date. Wes On 11/2/2010 3:49 PM, Paul wrote: On 11/02/2010 02:19 PM, Wes Modes wrote: Hello, I have been struggling with attempts to install RT3.8 via RPMs. I know it is perfectly possible to install RT3.8 using the BP install scripts and docs, but I'd prefer to do it through yum for system sustainability, ease of updates and upgrades, etc. ... If I can't resolve this, I will just forget about RT3.8 and stick with RT3.6 of which there is a well-behaved RPM already in the EPEL repo. Wes I'm currently going through a RT move from freebsd to rhel5 (long story, would rather stay with freebsd but don't have a choice here) and have found all kinds of annoying difficulties with yum (or, rather, the packages available.) When I realized that I was trying to stick with yum for ease of upgrades when yum was preventing me from easily keeping up to date, life got a lot easier. In the end I just let cpan install what it could and used yum for the things that gave me trouble in cpan. Using RT's configure and make targets is a lot easier and much more maintainable than having to roll my own rpm just to do it the yum way. Being stuck with an old version of the software in the name of easy upgrades didn't make sense to me. Cheers, Paul
Re: [rt-users] Frustrating attempts to install RT3.8 from RPM
I presume that is CentOS5. That would make me very happy as CentOS RPMs should work for RHEL. One thing I adore about well-built packages is that things are placed in the right location for the OS. For instance, the RT3 rpms put all the config files in /etc, all the perl modules in the perl modules dir, and the various tools in /usr/bin and /usr/sbin. Is yours built that way, or does it keep to the Best Practical distro locations? i guess this means that no one has a solution to the problem I observed with the rpm bundle I did find, ya? Wes On 11/3/2010 11:52 AM, Gary Greene wrote: Agreed. This is why I spent a week with cpan2rpm and built packages for both openSuSE (which we're transitioning to) and CentOS. On 3/11/10 11:21 AM, Wes Modes wmo...@ucsc.edu wrote: Paul, sounds like you aren't a long term fan of Fedora, RHEL, or CentOS, so I'm guessing yum feels like an inconvenience to you, especially when it seems to be getting in the way of your desired install. I've been a sysadmin for 20 years and I've never been a fan of the make 'n' break style of system administration. There is no way I could manage a score of machines, many with subtly different hardware, if I had to build every package the old way. As it is, I can spend a few hours monthly updating the OS and all installed software on all of our machines, with a simple yum -y update In my opinion, package managers like apt-get and yum are some of the best things to happen to OS in a very long time. Having installs tracked and managed by package managers keeps complicated OSs and their installed software up-to-date, eases system administration (especially as the server to sysadmin ratio increases), increases scalability, increases sysadmin efficiency, and creates standards for software manufacturers. If as a conservative sysadmin you prefer to operate well-back from the bleeding edge anyway, the small trade-off in control is a small price to pay. It is hardly the package manager's fault if a software manufacturer such as Best Practical and its user community fail to create a package for the latest software. Compare that to software whose RPMs are kept relatively up-to-date. Wes On 11/2/2010 3:49 PM, Paul wrote: On 11/02/2010 02:19 PM, Wes Modes wrote: Hello, I have been struggling with attempts to install RT3.8 via RPMs. I know it is perfectly possible to install RT3.8 using the BP install scripts and docs, but I'd prefer to do it through yum for system sustainability, ease of updates and upgrades, etc. ... If I can't resolve this, I will just forget about RT3.8 and stick with RT3.6 of which there is a well-behaved RPM already in the EPEL repo. Wes I'm currently going through a RT move from freebsd to rhel5 (long story, would rather stay with freebsd but don't have a choice here) and have found all kinds of annoying difficulties with yum (or, rather, the packages available.) When I realized that I was trying to stick with yum for ease of upgrades when yum was preventing me from easily keeping up to date, life got a lot easier. In the end I just let cpan install what it could and used yum for the things that gave me trouble in cpan. Using RT's configure and make targets is a lot easier and much more maintainable than having to roll my own rpm just to do it the yum way. Being stuck with an old version of the software in the name of easy upgrades didn't make sense to me. Cheers, Paul
Re: [rt-users] Frustrating attempts to install RT3.8 from RPM
That is nice to see that you made a well-crafted rpm that you can be proud of. I wonder what would happen if a later version of RT3 became available via EPEL. Would it nicely replace the files (maybe moving stuff to rpmsave's) or would all hell break loose? What RT3 version is your centos rpm build? When and where would your centos rpm be available to play with? W. On 11/3/2010 4:45 PM, Gary Greene wrote: The CentOS ones follow the RH way of directory layout, with the caveat that I chose to put the other modules that normally get pulled in via cpan in the perl5 site_lib hierarchy to assure that a rouge update from rpmforge or upstream CentOS would be able to be installed without odd file conflicts. The SuSE ones I did slightly differently as I think having the main RT stuff strewn around /usr a little odd. The CPAN stuff is in the perl5 site_lib hierarchy as before, but the main HTML/Mason templates/RT only specific modules/plugins stuff are in /srv/www/htdocs/rt. Configuration stuff is in /etc/rt and the plugin configuration directory is /etc/rt/local/... If I were to do over the CentOS ones, I'd likely do the same as I did with SuSE. On 3/11/10 4:36 PM, Wes Modes wmo...@ucsc.edu wrote: I presume that is CentOS5. That would make me very happy as CentOS RPMs should work for RHEL. One thing I adore about well-built packages is that things are placed in the right location for the OS. For instance, the RT3 rpms put all the config files in /etc, all the perl modules in the perl modules dir, and the various tools in /usr/bin and /usr/sbin. Is yours built that way, or does it keep to the Best Practical distro locations? i guess this means that no one has a solution to the problem I observed with the rpm bundle I did find, ya? Wes On 11/3/2010 11:52 AM, Gary Greene wrote: Agreed. This is why I spent a week with cpan2rpm and built packages for both openSuSE (which we're transitioning to) and CentOS. On 3/11/10 11:21 AM, Wes Modes wmo...@ucsc.edu wrote: Paul, sounds like you aren't a long term fan of Fedora, RHEL, or CentOS, so I'm guessing yum feels like an inconvenience to you, especially when it seems to be getting in the way of your desired install. I've been a sysadmin for 20 years and I've never been a fan of the make 'n' break style of system administration. There is no way I could manage a score of machines, many with subtly different hardware, if I had to build every package the old way. As it is, I can spend a few hours monthly updating the OS and all installed software on all of our machines, with a simple yum -y update In my opinion, package managers like apt-get and yum are some of the best things to happen to OS in a very long time. Having installs tracked and managed by package managers keeps complicated OSs and their installed software up-to-date, eases system administration (especially as the server to sysadmin ratio increases), increases scalability, increases sysadmin efficiency, and creates standards for software manufacturers. If as a conservative sysadmin you prefer to operate well-back from the bleeding edge anyway, the small trade-off in control is a small price to pay. It is hardly the package manager's fault if a software manufacturer such as Best Practical and its user community fail to create a package for the latest software. Compare that to software whose RPMs are kept relatively up-to-date. Wes On 11/2/2010 3:49 PM, Paul wrote: On 11/02/2010 02:19 PM, Wes Modes wrote: Hello, I have been struggling with attempts to install RT3.8 via RPMs. I know it is perfectly possible to install RT3.8 using the BP install scripts and docs, but I'd prefer to do it through yum for system sustainability, ease of updates and upgrades, etc. ... If I can't resolve this, I will just forget about RT3.8 and stick with RT3.6 of which there is a well-behaved RPM already in the EPEL repo. Wes I'm currently going through a RT move from freebsd to rhel5 (long story, would rather stay with freebsd but don't have a choice here) and have found all kinds of annoying difficulties with yum (or, rather, the packages available.) When I realized that I was trying to stick with yum for ease of upgrades when yum was preventing me from easily keeping up to date, life got a lot easier. In the end I just let cpan install what it could and used yum for the things that gave me trouble in cpan. Using RT's configure and make targets is a lot easier and much more maintainable than having to roll my own rpm just to do it the yum way. Being stuck with an old version of the software in the name of easy upgrades didn't make sense to me. Cheers, Paul
[rt-users] Frustrating attempts to install RT3.8 from RPM
Hello, I have been struggling with attempts to install RT3.8 via RPMs. I know it is perfectly possible to install RT3.8 using the BP install scripts and docs, but I'd prefer to do it through yum for system sustainability, ease of updates and upgrades, etc. These instructions show how to set up a local repo and install RT from a bundle, but for version 3.6. *Installing RT 3.6.6 on Redhat Enterprise 5.x (using yum to install from a bundle)* http://wiki.bestpractical.com/view/Rhel5InstallGuide (keep this link, because it is hard to find and all of the sometimes contradictory RT docs look the same) However there is a similar bundle for 3.8.7, so maybe that would work. According to the install doc, we install a host of services first: [r...@testbench1]# yum -y update [r...@testbench1]# yum -y install httpd [r...@testbench1]# yum -y install mysql mysql-server sendmail-cf Start these services: [r...@testbench1]# service mysqld start Starting MySQL:[ OK ] [r...@testbench1]# service httpd start Starting httpd:[ OK ] [r...@testbench1]# chkconfig httpd on [r...@testbench1]# chkconfig mysqld on The docs call for downloading this bundle: http://www.jwhite3.com/files/rt/rt-3.6.6-bundle.tar.gz but we are going to be downloading the 3.8.7 bundle [r...@testbench1]# cd [r...@testbench1]# pwd /root [r...@testbench1]# mkdir rt3 [r...@testbench1]# cd rt3 [r...@testbench1]# wget http://www.jwhite3.com/files/rt/rt_3.8.7_bundle.zip --2010-10-29 16:18:39-- http://www.jwhite3.com/files/rt/rt_3.8.7_bundle.zip Resolving www.jwhite3.com http://www.jwhite3.com... 97.74.144.177 Connecting to www.jwhite3.com|97.74.144.177|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 38577186 (37M) [application/zip] Saving to: `rt_3.8.7_bundle.zip' 100%[] 38,577,186 4.87M/s in 7.8s 2010-10-29 16:18:47 (4.72 MB/s) - `rt_3.8.7_bundle.zip' saved [38577186/38577186] Unpack: [r...@testbench1]# unzip rt_3.8.7_bundle.zip Archive: rt_3.8.7_bundle.zip inflating: install.sh inflating: Modules.tar.gz inflating: rt-3.8.7.tar.gz inflating: rt.repo inflating: rt_repo.tar.gz set up yum repo file: [r...@testbench1]# ls install.sh rt_3.8.7_bundle.zip rt.repo Modules.tar.gz rt-3.8.7.tar.gz rt_repo.tar.gz [r...@testbench1]# cp rt.repo /etc/yum.repos.d/ [r...@testbench1]# vi /etc/yum.repos.d/rt.repo [rt-387-local] name=Request Tracker - $basearch baseurl=file://opt/rt_repo/$basearch/ enabled=1 gpgcheck=0 [rt-387-noarch-local] name=Request Tracker - noarch baseurl=file://opt/rt_repo/noarch/ enabled=1 gpgcheck=0 Unpack the distro part and move it over to /opt where the yum file expected it: [r...@testbench1]# tar xfz rt_repo.tar.gz [r...@testbench1]# mv rt_repo /opt [r...@testbench1]# ls /opt/rt_repo/ i386 noarch x86_64 Okay, let's see if that works: [r...@testbench1]# yum clean all Loaded plugins: rhnplugin, security Cleaning up Everything [r...@testbench1]# yum list rt3 Loaded plugins: rhnplugin, security adobe-linux-i386 | 951 B 00:00 adobe-linux-i386/primary | 12 kB 00:00 adobe-linux-i386 18/18 rhel-i386-server-5 | 1.4 kB 00:00 rhel-i386-server-5/primary | 3.0 MB 00:00 rhel-i386-server-5 7696/7696 rhel-i386-server-vt-5 | 1.4 kB 00:00 rhel-i386-server-vt-5/primary | 41 kB 00:00 rhel-i386-server-vt-5 198/198 rhn-tools-rhel-i386-server-5 | 1.3 kB 00:00 rhn-tools-rhel-i386-server-5/primary | 38 kB 00:00 rhn-tools-rhel-i386-server-5 457/457 file://opt/rt_repo/i386/repodata/repomd.xml: http://opt/rt_repo/i386/repodata/repomd.xml: [Errno 5] OSError: [Errno 2] No such file or directory: '/rt_repo/i386/repodata/repomd.xml' Trying other mirror. Error: Cannot retrieve repository metadata (repomd.xml) for repository: rt-387-local. Please verify its path and try again No clue what this means. I checked the yum locations. I checked the xml metadata. Couldn't see where this bad path was coming from. Any suggestions for resolving this? If I can't resolve this, I will just forget about RT3.8 and stick with RT3.6 of which there is a well-behaved RPM already in the EPEL repo. Wes