You are here: CBM Wiki>Homepages Web>HomepageFlorianUhlig>RedmineFlorianUhlig (revision 4)EditAttach

Redmine Installation Instructions

On the following page I will explain how to install Redmine together with the required packages on a virtual machine running on a normal GSI linux computer. I will describe also which changes have to be done, to run a VM in the DMZ-Service of GSI. Since the machine runs in a different network segment there are some additional steps to be done to enable all needed access to the outside world.

If installing Redmine on a new VM in the DMZ-Service one can skip all points up to Setup VM in DMZ-Service, because the VM is provided by the IT department of GSI.

Prerequisites

  • Root access on the host computer
  • virtualization support on the host computer
  • virtual machine image with basic Debian Wheezy system

Install virtualization support on host computer

For the installation of the virtualization support please check the excellent information provided by Victor Penso. The instructions and the scripts can be found at github. There are also instructions how to get a virtual machine image at GSI.

Adapt the virtual Debian Wheezy image

The image are missing some important features which has to be installed before you can install Redmine using the cookbook. Everything can be installed using apt.

  • lsb-release : without the package chef-solo will not work
  • ca-certificates : allow to install the GSI specific certificates
  • ruby-dev : without the package the mysql installation fails, because it is using gems
  • GSI related certificates : Needed to connect to the GSI subversion repository.
  • locate ?
  • unzip ?

Before running apt one must copy the GSI related certificates to the correct position in the file system of the vm. In the directory with the instance of the vm use the following command to copy the required files from the host system to the correct location of the vm
vm put /usr/local/share/ca-certificates/dfn_pca_global_g01.crt /usr/local/share/ca-certificates/  
vm put /usr/local/share/ca-certificates/gsi_ca_02.crt /usr/local/share/ca-certificates/

After you copied the files login to the machine and run apt to install all the additional packages.

sudo apt-get install lsb-release ca-certificates ruby-dev <everything else>

Now you have an image which can be used as base for the redmine installation.

Create a new instance of the virtual image

vm clone <your image> lxdev01

After some time the machine is provisioned and booted so you can login

vm login

If everything looks okay log out again.

Setup VM in DMZ-Service

This section is only relevant if the machine is in DMZ-Service. Since in this network the connection to the outside is very limited one has to define the required proxy servers. To enable the needed acces for ruby/chef one has to set the correct environment variables in the .bashrc of root

export https_proxy=140.181.64.225:8080
export http_proxy=140.181.64.225:8080
export ftp_proxy=140.181.64.225:8080

If the www-proxy is defined in /etc/hosts (should be standarn with new machines but not tested) it should also be poosible to use the following definition

export https_proxy=www-proxy.gsi.de:8080
export http_proxy=www-proxy.gsi.de:8080
export ftp_proxy=www-proxy.gsi.de:8080

That one can download files using wget, add the proxies also in /etc/wgetrc

https_proxy = http://www-proxy.gsi.de:8080/
http_proxy = http://www-proxy.gsi.de:8080/
ftp_proxy = http://www-proxy.gsi.de:8080/

# If you do not want to use proxy at all, set this to off.
use_proxy = on

That svn can access files from our subversion server at GSI add the proxy settings in the global section of /etc/subversion/servers

[global]
# http-proxy-exceptions = *.exception.com, www.internal-site.org
http-proxy-host = www-proxy.gsi.de
http-proxy-port = 8080
#

It is also necessary to check if the gsi and dfn certificate is installed correctly, otherwise redmine is not able to connect to the subversion server. To test if the certificates are installed correctly (should be the case with the newest gsi-sys cookbook) try to connect to the subversion server

svn ls https://subversion.gsi.de/fairroot

If the output is the listing of the directory everything is okay. If your are asked to accept the certificate of the subversion server there is a problem with the certificates.

Install Redmine

Copy the required cookbooks to the directory holding the instance of the virtual machine

vm config add cookbook <name>

Copy and edit or create the file with the instructions for chef-solo and store in the directory of the instance of the virtual machine. An example of the file is shown below.

{
  "run_list": [
    "recipe[apt]",
    "recipe[redmine]"
  ],
  "apt": {
    "packages": [
      "vim",
      "less",
      "joe",
      "apt-show-versions",
      "lynx",
      "unzip",
      "ruby-dev"
    ]
  },
  "redmine": {
    "databases": {
      "production": {
        "password": "my_secret_password"
      }
    }
  },
  "mysql": {
    "server_root_password": "another_secret_password"
  }
}

Now you can start the installation using chef-solo

vm config solo

which will copy the information to the virtual machine and start chef-solo. The installation will crash at some point (installing libaprutil). Rerun the configuration again and the installation will run till the end.

In case of an official machine one has to copy the files to the correct location in the filesystem which is /var/chef/. The cookbooks have go to the cookbooks subdirectory, the roles to roles and the data-bags to the subdirectories whith the same names. Beside the attributes.json file one needs additionaly the config.rb file which went both to /var/chef. The content of config.rb is shown below.

log_level         :info
log_location      STDOUT
verbose_logging   nil
cookbook_path     ["/var/chef/cookbooks"]
data_bag_path     "/var/chef/data-bags"
role_path         "/var/chef/roles"
cache_type        "BasicFile"
cache_options({   :path => "/tmp/chef/cache/checksums", :skip_expires => true })

The installation procedure is started with

sudo chef-solo -c config.rb -j attributes.json

After chef-solo has finished successfully one has to create the correct rules for the port forwarding from the host machine to the virtual machine. This is again done by some of Victors fantastic scripting commands.

vm forward add <instance_name>:port <port of host computer>

e.g.

vm forward add lxdev02:80 80
vm forward add lxdev02:443 443

Now you can login to Redmine for the first time. Use your favorite browser to navigate to the following URL

.gsi.de

If everything works you will be redirected to the https version of Redmine.

Congratulation. You have now a running Redmine installation. Now we come to the necessary configuration of Redmine.

Redmine Configuration

Change the default admin information

Now you should login and immediately change the admin password. Click on Sign In in the upper left corner of the web page and login with the default combination admin/admin. Click on Administration and Users and choose the admin user to change the password, the mail address and other things. After changing the items don't forget to save. To test if everything works log out and in again.

Change the general settings

Chose Administration, Settings, General and provide a good Name for the Redmine instance and write a nice welcome text which will be shown on the first page. Also set the host name and choose if you prefer http or https. Should make no difference since we redirect http to https anyway. Save the settings.

Sending E-Mail

TODO: Create a template which creates the needed file during the installation procedure.

To be able to send emails one has to set the correct information about the mail transport agent which should be used. Copy the example file, create a symbolic link and edit the file

sudo cp /usr/local/share/redmine/current/config/configuration.yml.example /usr/local/share/redmine/shared/config/configuration.yml
sudo ln -s /usr/local/share/redmine/shared/config/configuration.yml /usr/local/share/redmine/current/config/configuration.yml
joe /usr/local/share/redmine/shared/config/configuration.yml

In this file one finds several examples for different mail configurations. To send email at GSI one can use the smtp server at GSI. The settings are shown below.

default:
  # Outgoing emails configuration (see examples above)
  email_delivery:
    delivery_method: :smtp
    smtp_settings:
      address: "smtp.gsi.de"
      port: 25

sudo service apache2 restart

Save the file and restart apache that the changes take effect. Now log in as admin and choose Administration, Settings, Email notification to change the email settings. Choose a good name as sender address. Beside that chose whatever seems appropriate for you. In the text field for the email footer exchange hostname by the name of the machine. Save the settings and the test the mail by clicking on Send a test mail in the lower right corner of the page. If you receive the mail everything is okay.

Enable the LDAP authentication

To use the secure ldap (sldap) connection to the GSI LDAP server one has to change the ruby ldap module. This is necessary since the GSI ldap server is picky about the used SSL protocol which has to be SSLv3. The ruby openssl module is able to define the used protocol but unfortunately the ldap module cn't pass the information to openssl. To explicitely use the correct version of the protocol change thh following line in /var/lib/gems/1.9.1/gems/net-ldap-0.3.1/lib/net/ldap.rb

    ctx = OpenSSL::SSL::SSLContext.new

has to become

    ctx = OpenSSL::SSL::SSLContext.new("SSLv3")

If you only want to authenticate against the GSI LDAP server, you have to fill in the required information which are shown in the attached screenshot. In this setup it is only tested if the user has a GSI web account and if the given password is correct. If the authentication suceed a new user is created automatically in Redmine.

To do this please choose Administration, LDAP authentication. Since there is no LDAP defined click on new authentication mode and fill the form with help of the attached screenshot.

If you also want to check if the user is in a distinct group you have to use an additional module which is described below.

Due to the changes in the ruby ldap module one has to restart apache again.

sudo service apache2 restart

Please fill the complete form with the required information, log out and try to Sign In with your GSI web account. Don't use Register. If the authentication works you end in the registration form which you have to fill and save.

Install useful plugins

Redmine is extendable by an enormous amount of plugins. A list of available plugins can be found at Redmine webpage. Instructions about plugin installation is here.

In the following I will list a personal list of useful plugins and installation instructions if they differ from the normal installation procedure.

  • Redmine Ldap Sync
  • Code Review

Install and configure the Ldap Sync plugin

The info about the plugin is here

Navigate to the plugins directory (/usr/local/share/redmine/current/plugins), clone the git repository, do the installation and restart the web server.

cd /usr/local/share/redmine/current/plugins
sudo git clone https://github.com/thorin/redmine_ldap_sync.git
cd /usr/local/share/redmine/current/
sudo bundle install
sudo rake redmine:plugins:migrate RAILS_ENV=production
sudo chown -R www-data:www-data tmp/ldap_cache
sudo service apache2 restart

In the Administration section one should see now the LDAP synchronization entry. Choose it and fill the form with the information of the two attached screenshots.

Install the Code Review plugin

The info about the plugin is here

Download the zip file, unzip it and do the installation procedure.

cd /usr/local/share/redmine/current/plugins
sudo wget https://bitbucket.org/haru_iida/redmine_code_review/downloads/redmine_code_review-0.6.2.zip
sudo unzip redmine_code_review-0.6.2.zip
cd /usr/local/share/redmine/current/
sudo rake redmine:plugins:migrate RAILS_ENV=production
sudo service apache2 restart

TODO: Configuration instructions

-- FlorianUhlig - 28 Jun 2013
Topic attachments
I Attachment Action Size Date Who Comment
Ldap_Authentication.tifftiff Ldap_Authentication.tiff manage 205.1 K 12 Jul 2013 - 07:40 FlorianUhlig LDAP Authentication in Redmine
Ldap_Synchronization_1.tifftiff Ldap_Synchronization_1.tiff manage 230.6 K 12 Jul 2013 - 07:41 FlorianUhlig LDAP Synchronization in Redmine
Ldap_Synchronization_2.tifftiff Ldap_Synchronization_2.tiff manage 217.7 K 12 Jul 2013 - 07:41 FlorianUhlig LDAP Synchronization in Redmine
redmine_ldap_group_auth.patchpatch redmine_ldap_group_auth.patch manage 7.3 K 28 Jun 2013 - 12:25 FlorianUhlig Redmine patch for LDAP group authentication
Edit | Attach | Print version | History: r10 | r5 < r4 < r3 < r2 | Backlinks | View wiki text | Edit WikiText | More topic actions...
Topic revision: r4 - 12 Jul 2013, FlorianUhlig
 
This site is powered by FoswikiCopyright © by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding CBM Wiki? Send feedback
Imprint (in German)
Privacy Policy (in German)