Difference: RedmineFlorianUhlig (1 vs. 10)

Revision 10
05 Mar 2014 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 29 to 29
 
  • unzip ?

Before running apt one must copy the GSI related certificates to the correct position in the file system of the vm. In the directory with the instance of the vm use the following command to copy the required files from the host system to the correct location of the vm
Added:
>
>
 
vm put /usr/local/share/ca-certificates/dfn_pca_global_g01.crt /usr/local/share/ca-certificates/  
Changed:
<
<
vm put /usr/local/share/ca-certificates/gsi_ca_02.crt /usr/local/share/ca-certificates/
>
>
vm put /usr/local/share/ca-certificates/gsi_ca_02.crt /usr/local/share/ca-certificates/
 

After you copied the files login to the machine and run apt to install all the additional packages.
Deleted:
<
<
 
Changed:
<
<
sudo apt-get install lsb-release ca-certificates ruby-dev
>
>
sudo apt-get install lsb-release ca-certificates ruby-dev
 

Now you have an image which can be used as base for the redmine installation.
Line: 43 to 41
  Now you have an image which can be used as base for the redmine installation.

Create a new instance of the virtual image

Deleted:
<
<
 
Changed:
<
<
vm clone lxdev01
>
>
vm clone lxdev01
 

After some time the machine is provisioned and booted so you can login
Deleted:
<
<
 
Changed:
<
<
vm login
>
>
vm login
 

If everything looks okay log out again.

Setup VM in DMZ-Service

Changed:
<
<
This section is only relevant if the machine is in DMZ-Service. Since in this network the connection to the outside is very limited one has to define the required proxy servers. To enable the needed acces for ruby/chef one has to set the correct environment variables in the .bashrc of root
>
>
This section is only relevant if the machine is in DMZ-Service. Since in this network the connection to the outside is very limited one has to define the required proxy servers. To enable the needed acces for ruby/chef one has to set the correct environment variables in the .bashrc of root or even better to put the varibales in /etc/bash.bashrc. In the latter case the settings are valid for all users.
 
export https_proxy=140.181.64.225:8080
export http_proxy=140.181.64.225:8080
Changed:
<
<
export ftp_proxy=140.181.64.225:8080
>
>
export ftp_proxy=140.181.64.225:8080
 

If the www-proxy is defined in /etc/hosts (should be standarn with new machines but not tested) it should also be poosible to use the following definition
Line: 72 to 63
 
export https_proxy=www-proxy.gsi.de:8080
export http_proxy=www-proxy.gsi.de:8080
Changed:
<
<
export ftp_proxy=www-proxy.gsi.de:8080
>
>
export ftp_proxy=www-proxy.gsi.de:8080
 

That one can download files using wget, add the proxies also in /etc/wgetrc
Deleted:
<
<
 
https_proxy = http://www-proxy.gsi.de:8080/
http_proxy = http://www-proxy.gsi.de:8080/
Line: 83 to 72
  ftp_proxy = http://www-proxy.gsi.de:8080/

# If you do not want to use proxy at all, set this to off.
Changed:
<
<
use_proxy = on
>
>
use_proxy = on
 

That svn can access files from our subversion server at GSI add the proxy settings in the global section of /etc/subversion/servers
Deleted:
<
<
 
[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
Line: 93 to 80
  # http-proxy-exceptions = *.exception.com, www.internal-site.org http-proxy-host = www-proxy.gsi.de http-proxy-port = 8080
Changed:
<
<
#
>
>
#
 

It is also necessary to check if the gsi and dfn certificate is installed correctly, otherwise redmine is not able to connect to the subversion server. To test if the certificates are installed correctly (should be the case with the newest gsi-sys cookbook) try to connect to the subversion server
Line: 98 to 84
 

It is also necessary to check if the gsi and dfn certificate is installed correctly, otherwise redmine is not able to connect to the subversion server. To test if the certificates are installed correctly (should be the case with the newest gsi-sys cookbook) try to connect to the subversion server
Deleted:
<
<
 
Changed:
<
<
svn ls https://subversion.gsi.de/fairroot
>
>
svn ls https://subversion.gsi.de/fairroot
 

If the output is the listing of the directory everything is okay. If your are asked to accept the certificate of the subversion server there is a problem with the certificates.
Line: 109 to 92
 

Install Redmine

Copy the required cookbooks to the directory holding the instance of the virtual machine
Deleted:
<
<
 
Changed:
<
<
vm config add cookbook
>
>
vm config add cookbook
 

Copy and edit or create the file with the instructions for chef-solo and store in the directory of the instance of the virtual machine. An example of the file is shown below.
Deleted:
<
<
 
{
  "run_list": [
Line: 143 to 123
  "mysql": { "server_root_password": "another_secret_password" }
Changed:
<
<
}
>
>
}
 

Now you can start the installation using chef-solo
Deleted:
<
<
 
Changed:
<
<
vm config solo
>
>
vm config solo
 

which will copy the information to the virtual machine and start chef-solo. The installation will crash at some point (installing libaprutil). Rerun the configuration again and the installation will run till the end.
Line: 165 to 141
  data_bag_path "/var/chef/data-bags" role_path "/var/chef/roles" cache_type "BasicFile"
Changed:
<
<
cache_options({ :path => "/tmp/chef/cache/checksums", :skip_expires => true })
>
>
cache_options({ :path => "/tmp/chef/cache/checksums", :skip_expires => true })
 

The installation procedure is started with
Added:
>
>
sudo chef-solo -c config.rb -j attributes.json
 
Added:
>
>
The apt recipe always resets the /etc/apt/sources.list with some default values. The poor mans way to solve the problem is to edit the following file /var/chef/cookbooks/apt/templates/default/sources.list.erb and put there the following lines instead of the original ones.
 
Changed:
<
<
sudo chef-solo -c config.rb -j attributes.json
>
>
deb http://mirror.gsi.de/distrib/debian wheezy main contrib non-free deb-src http://mirror.gsi.de/distrib/debian wheezy main contrib non-free deb http://mirror.gsi.de/distrib/debian-security wheezy/updates main contrib non-free deb-src http://mirror.gsi.de/distrib/debian-security wheezy/updates main contrib non-free
 

After chef-solo has finished successfully one has to create the correct rules for the port forwarding from the host machine to the virtual machine. This is again done by some of Victors fantastic scripting commands.
Deleted:
<
<
 
vm forward add <instance_name>:port <port of host computer>
Line: 182 to 161
  e.g.

vm forward add lxdev02:80 80
Changed:
<
<
vm forward add lxdev02:443 443
>
>
vm forward add lxdev02:443 443
 

Now you can login to Redmine for the first time. Use your favorite browser to navigate to the following URL
Line: 202 to 179
 
SSLProtocol ALL -SSLv2
SSLHonorCipherOrder On
Changed:
<
<
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
>
>
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
 

A good description about the topic can be found here
Line: 227 to 201
 
sudo cp /usr/local/share/redmine/current/config/configuration.yml.example /usr/local/share/redmine/shared/config/configuration.yml
sudo ln -s /usr/local/share/redmine/shared/config/configuration.yml /usr/local/share/redmine/current/config/configuration.yml
Changed:
<
<
joe /usr/local/share/redmine/shared/config/configuration.yml
>
>
joe /usr/local/share/redmine/shared/config/configuration.yml
 

In this file one finds several examples for different mail configurations. To send email at GSI one can use the smtp server at GSI. The settings are shown below.
Deleted:
<
<
 
default:
  # Outgoing emails configuration (see examples above)
Line: 240 to 212
  smtp_settings:
address
"smtp.gsi.de"
port
25
Deleted:
<
<
 
Changed:
<
<
sudo service apache2 restart
>
>
sudo service apache2 restart
 

Save the file and restart apache that the changes take effect. Now log in as admin and choose Administration, Settings, Email notification to change the email settings. Choose a good name as sender address. Beside that chose whatever seems appropriate for you. In the text field for the email footer exchange hostname by the name of the machine. Save the settings and the test the mail by clicking on Send a test mail in the lower right corner of the page. If you receive the mail everything is okay.
Line: 252 to 221
 

Enable the LDAP authentication

To use the secure ldap (sldap) connection to the GSI LDAP server one has to change the ruby ldap module. This is necessary since the GSI ldap server is picky about the used SSL protocol which has to be SSLv3. The ruby openssl module is able to define the used protocol but unfortunately the ldap module cn't pass the information to openssl. To explicitely use the correct version of the protocol change thh following line in /var/lib/gems/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb
Deleted:
<
<
 
Changed:
<
<
ctx = OpenSSL::SSL::SSLContext.new
>
>
ctx = OpenSSL::SSL::SSLContext.new
 

has to become
Deleted:
<
<
 
Changed:
<
<
ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
>
>
ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
 

If you only want to authenticate against the GSI LDAP server, you have to fill in the required information which are shown in the attached screenshot. In this setup it is only tested if the user has a GSI web account and if the given password is correct. If the authentication suceed a new user is created automatically in Redmine.
Line: 271 to 235
  If you also want to check if the user is in a distinct group you have to use an additional module which is described below.

Due to the changes in the ruby ldap module one has to restart apache again.
Deleted:
<
<
 
Changed:
<
<
sudo service apache2 restart
>
>
sudo service apache2 restart
 

Please fill the complete form with the required information, log out and try to Sign In with your GSI web account. Don't use Register. If the authentication works you end in the registration form which you have to fill and save.
Line: 289 to 250
  On the redmine server login as administrator and navigate to Administration, Settings, Repositories. On the page click on Enable the WS for repository managment and create a key by clicking on Generate a key. Don't forget to save the changes afterwards.

On the subversion server add a post-commit hook or change the existing one. In any case one has to add the following line
Deleted:
<
<
 
Changed:
<
<
curl "https:///sys/fetch_changesets?key=" --capath /etc/ssl/certs/
>
>
curl "https:///sys/fetch_changesets?key=" --capath /etc/ssl/certs/
 

The extra argument is necessary because the curlinstalltion (at least the one at GSI) uses its own certificates which does not know dfn and gsi. In the ssl cert directory both certificates are present.
Line: 322 to 278
  sudo bundle install sudo rake redmine:plugins:migrate RAILS_ENV=production sudo chown -R www-data:www-data tmp/ldap_cache
Changed:
<
<
sudo service apache2 restart
>
>
sudo service apache2 restart
 

In the Administration section one should see now the LDAP synchronization entry. Choose it and fill the form with the information of the two attached screenshots.
Line: 339 to 293
  sudo unzip redmine_code_review-0.6.2.zip cd /usr/local/share/redmine/current/ sudo rake redmine:plugins:migrate RAILS_ENV=production
Changed:
<
<
sudo service apache2 restart
>
>
sudo service apache2 restart
 

TODO: Configuration instructions
Line: 356 to 308
  sudo unzip redmine_wiki_extensions-0.6.3.zip cd /usr/local/share/redmine/current/ sudo rake redmine:plugins:migrate RAILS_ENV=production
Changed:
<
<
sudo touch tmp/restart.txt
>
>
sudo touch tmp/restart.txt
 

Enable the module on the adminsitration setting page at Administration, Settings, Projects to add the module to any newly created project, and on the projects setting page at Projects, , Settings, Projects to add the module to already existing projects.
Line: 374 to 323
  mysql -u root -p mysql> GRANT LOCK TABLES, SELECT ON redmine.* TO 'BACKUPUSER'@'localhost' IDENTIFIED BY 'secret_password'; mysql> flush privileges;
Changed:
<
<
mysql> exit;
>
>
mysql> exit;
 

Create the needed bash script in the home directory of the default user. The script is shown below.
Deleted:
<
<
 
#! /bin/sh
Line: 406 to 353
  # Backup also the redmine files directory which is used to store uploaded files rsync -a $REDMINE_ROOT/files/ $BACKUP_DIR/files/ git add files
Changed:
<
<
git commit -m"Add files."
>
>
git commit -m"Add files."
 

This will update the git repository on each run of the script.
Line: 431 to 376
  cd $Backup_Dir git pull
Changed:
<
<
#set +xv
>
>
#set +xv
 

To call this script regulary create a cron job.
Deleted:
<
<
 
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
Line: 443 to 386
  HOME=/u/uhlig
Changed:
<
<
15 1 * * * /u/uhlig/backup/redmine/backup_redmine.sh
>
>
15 1 * * * /u/uhlig/backup/redmine/backup_redmine.sh
 

Now each night at 1:15 one get the last changes from the web server. This should be before the normal backup at GSI is started. With this setup one gets a simple and secure backup of Redmine.
Revision 9
04 Feb 2014 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 364 to 364
 

Backup

Changed:
<
<
In case of a crash of the server and a total loss the server and the applictaion can be created from scratch using the instructions above, so no backup is needed. The relevant information abour Redmine is stored in the mysql database, so a backup of the database is an absolut must, otherwise one would start with an empty datatbase and an empty redmine application.
>
>
In case of a crash of the server and a total loss the server and the applictaion can be created from scratch using the instructions above, so no backup is needed. The relevant information abour Redmine is stored in the mysql database, so a backup of the database is an absolut must, otherwise one would start with an empty datatbase and an empty redmine application. It is also needed t backup the content of the files directory. This directory contain all files which have been uploaded to the server.
 
Changed:
<
<
The backup strategy is in the moment rather simply. Cretae a git repository for a specific backup directory. Do once per day a dump of the mysql database to this backup directory. Add and commit the file to the git repository. Pull the changes of this repository from another computer which is in the normal gsi backup.
>
>
The backup strategy is in the moment rather simply. Cretae a git repository for a specific backup directory. Do once per day a dump of the mysql database to this backup directory. Add and commit the file to the git repository. Also sync the files directory in the backup directory with the redmine installation and add new files to the git repository. Pull the changes of this repository from another computer which is in the normal gsi backup.
 

Since one has to put the mysql password in the script (which is not verry secure), create a backup user whith minimal privileges. To do so login to the mysql database as user root.
Line: 402 to 402
  # Add the database to the repo and commit git add $DB_DUMP git commit -m "Update database dump"
Added:
>
>

# Backup also the redmine files directory which is used to store uploaded files rsync -a $REDMINE_ROOT/files/ $BACKUP_DIR/files/ git add files git commit -m"Add files."
 

This will update the git repository on each run of the script.
Revision 8
12 Nov 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 193 to 193
 

Congratulation. You have now a running Redmine installation. Now we come to the necessary configuration of Redmine.
Added:
>
>

Apache configuration

To avoid using RC4 encription which is known to be weak and vulnerable we have to swithch it of in the apache ssl configuration. This is done by adding the last of the following lines in /etc/apache2/mods-available/ssl.conf and disabling the original one. The first two lines should be there by default. If not add them, too.

SSLProtocol ALL -SSLv2
SSLHonorCipherOrder On
SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS

A good description about the topic can be found here
 

Redmine Configuration

Change the default admin information

Revision 7
22 Jul 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 330 to 330
 

TODO: Configuration instructions
Added:
>
>

Install the Wiki Extensions plugin

The info about the plugin is here

Download the zip file, unzip it and do the installation procedure.

cd /usr/local/share/redmine/current/plugins
sudo wget https://bitbucket.org/haru_iida/redmine_wiki_extensions/downloads/redmine_wiki_extensions-0.6.3.zip
sudo unzip redmine_wiki_extensions-0.6.3.zip
cd /usr/local/share/redmine/current/
sudo rake redmine:plugins:migrate RAILS_ENV=production
sudo touch tmp/restart.txt

Enable the module on the adminsitration setting page at Administration, Settings, Projects to add the module to any newly created project, and on the projects setting page at Projects, , Settings, Projects to add the module to already existing projects.
 

Backup

In case of a crash of the server and a total loss the server and the applictaion can be created from scratch using the instructions above, so no backup is needed. The relevant information abour Redmine is stored in the mysql database, so a backup of the database is an absolut must, otherwise one would start with an empty datatbase and an empty redmine application.
Revision 6
19 Jul 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 330 to 330
 

TODO: Configuration instructions
Added:
>
>

Backup

In case of a crash of the server and a total loss the server and the applictaion can be created from scratch using the instructions above, so no backup is needed. The relevant information abour Redmine is stored in the mysql database, so a backup of the database is an absolut must, otherwise one would start with an empty datatbase and an empty redmine application.

The backup strategy is in the moment rather simply. Cretae a git repository for a specific backup directory. Do once per day a dump of the mysql database to this backup directory. Add and commit the file to the git repository. Pull the changes of this repository from another computer which is in the normal gsi backup.

Since one has to put the mysql password in the script (which is not verry secure), create a backup user whith minimal privileges. To do so login to the mysql database as user root.

mysql -u root -p
mysql> GRANT LOCK TABLES, SELECT ON redmine.* TO 'BACKUPUSER'@'localhost' IDENTIFIED BY 'secret_password';
mysql> flush privileges;
mysql> exit;

Create the needed bash script in the home directory of the default user. The script is shown below.

#! /bin/sh

# Settings
BACKUP_DIR="/data.local1/redmine_backup/"
DB_USER="BACKUPUSER"
DB_PASS="secret_password"
DB="redmine"
DB_DUMP="$BACKUP_DIR/$DB.sql"

# Create your backup directory if it doesn't exist
mkdir -p $BACKUP_DIR

# Dump the database
mysqldump -u $DB_USER -p$DB_PASS --skip-extended-insert $DB > $DB_DUMP

# Change to the backup directory and initialize a new Git repo if necessary
cd $BACKUP_DIR
git init

# Add the database to the repo and commit
git add $DB_DUMP
git commit -m "Update database dump"

This will update the git repository on each run of the script.

On the computer which is in the GSI backup cretae the initial version of the repository using git clone.

git clone ssh://uhlig@lxcbmredmine01.gsi.de/data.local1/redmine_backup

To do this without being asked for the password. put the correct keys to the webserver. After the initial version of the repository is there one can do an git pull to get the latetst ersion from the web server. To do this automatically on can use a script on the backup computer which triggers first the execution of the backup script on the web server and the pull the changes from the remote repository.

#!/bin/bash

#set -xv

Backup_Dir=/u/uhlig/backup/redmine/redmine_backup

# trigger the mysqldump and git add on the remote host
/usr/bin/ssh -T uhlig@lxcbmredmine01.gsi.de /home/uhlig/mysql_backup >> /dev/null 2>&1

# pull the changes from the remote host
cd $Backup_Dir
git pull

#set +xv

To call this script regulary create a cron job.

SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/bin
MAILTO=f.uhlig@gsi.de
HOME=/u/uhlig


15 1 * * * /u/uhlig/backup/redmine/backup_redmine.sh

Now each night at 1:15 one get the last changes from the web server. This should be before the normal backup at GSI is started. With this setup one gets a simple and secure backup of Redmine.

TODO: Describe how to restore the backup. It would be good not to search for the instructions in case of an emergency.

  -- FlorianUhlig - 28 Jun 2013

META FILEATTACHMENT attr="" comment="Redmine patch for LDAP group authentication" date="1372422312" name="redmine_ldap_group_auth.patch" path="redmine_ldap_group_auth.patch" size="7477" user="FlorianUhlig" version="1.1"
Revision 5
17 Jul 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 206 to 206
 

Sending E-Mail

Changed:
<
<
TODO: Create a template which creates the needed file during the installation procedure.
>
>
TODO: Create a template which creates the needed file during the installation procedure.
 

To be able to send emails one has to set the correct information about the mail transport agent which should be used. Copy the example file, create a symbolic link and edit the file
Line: 266 to 266
  Please fill the complete form with the required information, log out and try to Sign In with your GSI web account. Don't use Register. If the authentication works you end in the registration form which you have to fill and save.
Added:
>
>

Enable the automatic refresh procedure

In the default settings the local information about an external repository is only updated when the information is first accessed. This means if there was no usage of the repository browser for some time, but many commits to the repository, redmine will update first his local information. Depending on the ammount of commits this can be a time consuming action. For this time the application will block, which is a problem for an interactive application. To overcome the problem one can setup a automatic procedure that redmine updates the database immediatly after each commit. In this case the data is always up to date.

To setup this feature one has to enable the mechanism on the redmine server, create a key on the redmine server, and add/change the post-commit hook on the repository server. On the redmine server login as administrator and navigate to Administration, Settings, Repositories. On the page click on Enable the WS for repository managment and create a key by clicking on Generate a key. Don't forget to save the changes afterwards.

On the subversion server add a post-commit hook or change the existing one. In any case one has to add the following line

curl "https://<webserver_adress>/sys/fetch_changesets?key=<generated key>" --capath /etc/ssl/certs/  

The extra argument is necessary because the curlinstalltion (at least the one at GSI) uses its own certificates which does not know dfn and gsi. In the ssl cert directory both certificates are present.

TODO: Find out if there is a possibility to have different keys for different repositories or if there is another way not to check all repositories if there are changes in only one.
 

Install useful plugins

Redmine is extendable by an enormous amount of plugins. A list of available plugins can be found at Redmine webpage. Instructions about plugin installation is here.
Line: 308 to 328
  sudo service apache2 restart
Changed:
<
<
TODO: Configuration instructions
>
>
TODO: Configuration instructions
 

-- FlorianUhlig - 28 Jun 2013
Revision 4
12 Jul 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

On the following page I will explain how to install Redmine together with the required packages on a virtual machine running on a normal GSI linux computer.
Added:
>
>
I will describe also which changes have to be done, to run a VM in the DMZ-Service of GSI. Since the machine runs in a different network segment there are some additional steps to be done to enable all needed access to the outside world.

If installing Redmine on a new VM in the DMZ-Service one can skip all points up to Setup VM in DMZ-Service, because the VM is provided by the IT department of GSI.
 

Prerequisites

Line: 53 to 56
 

If everything looks okay log out again.
Added:
>
>

Setup VM in DMZ-Service

This section is only relevant if the machine is in DMZ-Service. Since in this network the connection to the outside is very limited one has to define the required proxy servers. To enable the needed acces for ruby/chef one has to set the correct environment variables in the .bashrc of root

export https_proxy=140.181.64.225:8080
export http_proxy=140.181.64.225:8080
export ftp_proxy=140.181.64.225:8080

If the www-proxy is defined in /etc/hosts (should be standarn with new machines but not tested) it should also be poosible to use the following definition

export https_proxy=www-proxy.gsi.de:8080
export http_proxy=www-proxy.gsi.de:8080
export ftp_proxy=www-proxy.gsi.de:8080

That one can download files using wget, add the proxies also in /etc/wgetrc

https_proxy = http://www-proxy.gsi.de:8080/
http_proxy = http://www-proxy.gsi.de:8080/
ftp_proxy = http://www-proxy.gsi.de:8080/

# If you do not want to use proxy at all, set this to off.
use_proxy = on

That svn can access files from our subversion server at GSI add the proxy settings in the global section of /etc/subversion/servers

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = www-proxy.gsi.de
http-proxy-port = 8080
#

It is also necessary to check if the gsi and dfn certificate is installed correctly, otherwise redmine is not able to connect to the subversion server. To test if the certificates are installed correctly (should be the case with the newest gsi-sys cookbook) try to connect to the subversion server

svn ls https://subversion.gsi.de/fairroot

If the output is the listing of the directory everything is okay. If your are asked to accept the certificate of the subversion server there is a problem with the certificates.
 

Install Redmine

Copy the required cookbooks to the directory holding the instance of the virtual machine
Line: 99 to 152
  vm config solo
Changed:
<
<
which will copy the information to the virtual machine and start chef-solo. The installation will crash at some point (installing libaprutil). Rerun the configuration again and the installation will run till the end. After chef-solo has finished successfully one has to create the correct rules for the port forwarding from the host machine to the virtual machine. This is again done by some of Victors fantastic scripting commands.
>
>
which will copy the information to the virtual machine and start chef-solo. The installation will crash at some point (installing libaprutil). Rerun the configuration again and the installation will run till the end.

In case of an official machine one has to copy the files to the correct location in the filesystem which is /var/chef/. The cookbooks have go to the cookbooks subdirectory, the roles to roles and the data-bags to the subdirectories whith the same names. Beside the attributes.json file one needs additionaly the config.rb file which went both to /var/chef. The content of config.rb is shown below.

log_level         :info
log_location      STDOUT
verbose_logging   nil
cookbook_path     ["/var/chef/cookbooks"]
data_bag_path     "/var/chef/data-bags"
role_path         "/var/chef/roles"
cache_type        "BasicFile"
cache_options({   :path => "/tmp/chef/cache/checksums", :skip_expires => true })

The installation procedure is started with

sudo chef-solo -c config.rb -j attributes.json

After chef-solo has finished successfully one has to create the correct rules for the port forwarding from the host machine to the virtual machine. This is again done by some of Victors fantastic scripting commands.
 

vm forward add <instance_name>:port <port of host computer>
Line: 162 to 237
 

Enable the LDAP authentication

Changed:
<
<
If you only want to authenticate against the GSI LDAP server, you only have to fill in the required information which are shown in the attached screenshot. Here it is only tested if the user has a GSI web account and if the given password is correct. If the user is authenticated automatically a new user in Redmine is created.

To do this please choose Administration, LDAP authentication. Since there is no LDAP defined click on new authentication mode and fill the form with help of the attached screenshot.

If you also want to check if the user is in a distinct group you have to patch Redmine and fill the form with the complete info given in the attached screenshot. Also the new lines Group DN and LDAP group filter have to be filled. The two lines mentioned above are only present in the patched version of Redmine.

To patch Redmine copy the attached patch in the redmine directory of the virtual machine. To test if the patch will work you can use the following git commands in the redmine directory (/usr/local/share/redmine/current/)
>
>
To use the secure ldap (sldap) connection to the GSI LDAP server one has to change the ruby ldap module. This is necessary since the GSI ldap server is picky about the used SSL protocol which has to be SSLv3. The ruby openssl module is able to define the used protocol but unfortunately the ldap module cn't pass the information to openssl. To explicitely use the correct version of the protocol change thh following line in /var/lib/gems/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb
 
Changed:
<
<
git apply --stat redmine_ldap_group_auth.patch git apply --check redmine_ldap_group_auth.patch
>
>
ctx = OpenSSL::SSL::SSLContext.new
 
Changed:
<
<
To apply the patch use the following command
>
>
has to become
 
Changed:
<
<
git am --signoff < redmine_ldap_group_auth.patch
>
>
ctx = OpenSSL::SSL::SSLContext.new("SSLv3")
 
Changed:
<
<
Now you have to add the needed changes to the database. This is done with running the following command in the redmine directory.
>
>
If you only want to authenticate against the GSI LDAP server, you have to fill in the required information which are shown in the attached screenshot. In this setup it is only tested if the user has a GSI web account and if the given password is correct. If the authentication suceed a new user is created automatically in Redmine.
 
Changed:
<
<
sudo rake db:migrate RAILS_ENV=production
>
>
To do this please choose Administration, LDAP authentication. Since there is no LDAP defined click on new authentication mode and fill the form with help of the attached screenshot.

If you also want to check if the user is in a distinct group you have to use an additional module which is described below.
 
Changed:
<
<
Now restart apache again and check if the two new lines show up on the web page for LDAP authentication.
>
>
Due to the changes in the ruby ldap module one has to restart apache again.
 

sudo service apache2 restart
Line: 222 to 291
  sudo service apache2 restart
Changed:
<
<
In the Administration section one should see now the LDAP synchronization entry.

The configuration is in the moment unclear. Here we have to understand how the Ldap connection is done in detail. TODO: Get the correct parameters for the Ldap sync
>
>
In the Administration section one should see now the LDAP synchronization entry. Choose it and fill the form with the information of the two attached screenshots.
 

Install the Code Review plugin

Line: 247 to 313
  -- FlorianUhlig - 28 Jun 2013

META FILEATTACHMENT attr="" comment="Redmine patch for LDAP group authentication" date="1372422312" name="redmine_ldap_group_auth.patch" path="redmine_ldap_group_auth.patch" size="7477" user="FlorianUhlig" version="1.1"
Changed:
<
<
META FILEATTACHMENT attr="" comment="Screenshot of the Redmine webpage for LDAP authentication" date="1372422362" name="Redmine_LDAP_Auth.tiff" path="Redmine_LDAP_Auth.tiff" size="308736" user="FlorianUhlig" version="1.1"
>
>
META FILEATTACHMENT attr="" comment="LDAP Authentication in Redmine" date="1373614852" name="Ldap_Authentication.tiff" path="Ldap_Authentication.tiff" size="210070" user="FlorianUhlig" version="1.1"
META FILEATTACHMENT attr="" comment="LDAP Synchronization in Redmine" date="1373614882" name="Ldap_Synchronization_1.tiff" path="Ldap_Synchronization_1.tiff" size="236136" user="FlorianUhlig" version="1.1"
META FILEATTACHMENT attr="" comment="LDAP Synchronization in Redmine" date="1373614906" name="Ldap_Synchronization_2.tiff" path="Ldap_Synchronization_2.tiff" size="222944" user="FlorianUhlig" version="1.1"
Revision 3
02 Jul 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"

Redmine Installation Instructions

Line: 218 to 218
  cd /usr/local/share/redmine/current/ sudo bundle install sudo rake redmine:plugins:migrate RAILS_ENV=production
Added:
>
>
sudo chown -R www-data:www-data tmp/ldap_cache
  sudo service apache2 restart
Revision 2
28 Jun 2013 - Main.FlorianUhlig
Line: 1 to 1
 
META TOPICPARENT name="HomepageFlorianUhlig"
Changed:
<
<

Redmine Installation Instructions

>
>

Redmine Installation Instructions

 

On the following page I will explain how to install Redmine together with the required packages on a virtual machine running on a normal GSI linux computer.
Changed:
<
<

Prerequisites

>
>

Prerequisites

 

  • Root access on the host computer
  • virtualization support on the host computer
  • virtual machine image with basic Debian Wheezy system
Changed:
<
<

Install virtualization support on host computer

>
>

Install virtualization support on host computer

 

For the installation of the virtualization support please check the excellent information provided by Victor Penso. The instructions and the scripts can be found at github. There are also instructions how to get a virtual machine image at GSI.
Changed:
<
<

Adapt the virtual Debian Wheezy image

>
>

Adapt the virtual Debian Wheezy image

 

The image are missing some important features which has to be installed before you can install Redmine using the cookbook. Everything can be installed using apt.
Line: 39 to 39
 

Now you have an image which can be used as base for the redmine installation.
Changed:
<
<

Create a new instance of the virtual image

>
>

Create a new instance of the virtual image

 

vm clone <your image> lxdev01
Line: 53 to 53
 

If everything looks okay log out again.
Changed:
<
<

Install Redmine

>
>

Install Redmine

 

Copy the required cookbooks to the directory holding the instance of the virtual machine
Line: 76 to 76
  "joe", "apt-show-versions", "lynx",
Added:
>
>
"unzip",
  "ruby-dev" ] },
Line: 115 to 116
 

If everything works you will be redirected to the https version of Redmine.
Changed:
<
<
Congretulations. You have now a running Redmine installation. Now we come to the necessary configuration of Redmine.
>
>
Congratulation. You have now a running Redmine installation. Now we come to the necessary configuration of Redmine.
 
Changed:
<
<

Redmine Configuration

>
>

Redmine Configuration

 
Changed:
<
<

Change the default admin information

>
>

Change the default admin information

 

Now you should login and immediately change the admin password. Click on Sign In in the upper left corner of the web page and login with the default combination admin/admin. Click on Administration and Users and choose the admin user to change the password, the mail address and other things. After changing the items don't forget to save. To test if everything works log out and in again.
Changed:
<
<

Change the general settings

>
>

Change the general settings

 

Chose Administration, Settings, General and provide a good Name for the Redmine instance and write a nice welcome text which will be shown on the first page. Also set the host name and choose if you prefer http or https. Should make no difference since we redirect http to https anyway. Save the settings.
Changed:
<
<

Sending E-Mail

>
>

Sending E-Mail

 

TODO: Create a template which creates the needed file during the installation procedure.
Line: 159 to 160
  Save the file and restart apache that the changes take effect. Now log in as admin and choose Administration, Settings, Email notification to change the email settings. Choose a good name as sender address. Beside that chose whatever seems appropriate for you. In the text field for the email footer exchange hostname by the name of the machine. Save the settings and the test the mail by clicking on Send a test mail in the lower right corner of the page. If you receive the mail everything is okay.
Changed:
<
<

Enable the LDAP authentication

>
>

Enable the LDAP authentication

 
Added:
>
>
If you only want to authenticate against the GSI LDAP server, you only have to fill in the required information which are shown in the attached screenshot. Here it is only tested if the user has a GSI web account and if the given password is correct. If the user is authenticated automatically a new user in Redmine is created.
 
Added:
>
>
To do this please choose Administration, LDAP authentication. Since there is no LDAP defined click on new authentication mode and fill the form with help of the attached screenshot.
 
Added:
>
>
If you also want to check if the user is in a distinct group you have to patch Redmine and fill the form with the complete info given in the attached screenshot. Also the new lines Group DN and LDAP group filter have to be filled. The two lines mentioned above are only present in the patched version of Redmine.

To patch Redmine copy the attached patch in the redmine directory of the virtual machine. To test if the patch will work you can use the following git commands in the redmine directory (/usr/local/share/redmine/current/)

git apply --stat redmine_ldap_group_auth.patch
git apply --check redmine_ldap_group_auth.patch

To apply the patch use the following command

git am --signoff < redmine_ldap_group_auth.patch

Now you have to add the needed changes to the database. This is done with running the following command in the redmine directory.

sudo rake db:migrate RAILS_ENV=production

Now restart apache again and check if the two new lines show up on the web page for LDAP authentication.

sudo service apache2 restart

Please fill the complete form with the required information, log out and try to Sign In with your GSI web account. Don't use Register. If the authentication works you end in the registration form which you have to fill and save.

Install useful plugins

Redmine is extendable by an enormous amount of plugins. A list of available plugins can be found at Redmine webpage. Instructions about plugin installation is here.

In the following I will list a personal list of useful plugins and installation instructions if they differ from the normal installation procedure.

  • Redmine Ldap Sync
  • Code Review

Install and configure the Ldap Sync plugin

The info about the plugin is here

Navigate to the plugins directory (/usr/local/share/redmine/current/plugins), clone the git repository, do the installation and restart the web server.

cd /usr/local/share/redmine/current/plugins
sudo git clone https://github.com/thorin/redmine_ldap_sync.git
cd /usr/local/share/redmine/current/
sudo bundle install
sudo rake redmine:plugins:migrate RAILS_ENV=production
sudo service apache2 restart

In the Administration section one should see now the LDAP synchronization entry.

The configuration is in the moment unclear. Here we have to understand how the Ldap connection is done in detail. TODO: Get the correct parameters for the Ldap sync

Install the Code Review plugin

The info about the plugin is here

Download the zip file, unzip it and do the installation procedure.

cd /usr/local/share/redmine/current/plugins
sudo wget https://bitbucket.org/haru_iida/redmine_code_review/downloads/redmine_code_review-0.6.2.zip
sudo unzip redmine_code_review-0.6.2.zip
cd /usr/local/share/redmine/current/
sudo rake redmine:plugins:migrate RAILS_ENV=production
sudo service apache2 restart

TODO: Configuration instructions
  -- FlorianUhlig - 28 Jun 2013
Added:
>
>
META FILEATTACHMENT attr="" comment="Redmine patch for LDAP group authentication" date="1372422312" name="redmine_ldap_group_auth.patch" path="redmine_ldap_group_auth.patch" size="7477" user="FlorianUhlig" version="1.1"
META FILEATTACHMENT attr="" comment="Screenshot of the Redmine webpage for LDAP authentication" date="1372422362" name="Redmine_LDAP_Auth.tiff" path="Redmine_LDAP_Auth.tiff" size="308736" user="FlorianUhlig" version="1.1"
 
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding CBM Wiki? Send feedback
Imprint (in German)
Privacy Policy (in German)