Radiant System
Published in

Radiant System

Radiant Engineering: How to Install ((OTRS)) 6 Community Edition
on CentOS 7

Welcome to a new section of our Medium blog, Radiant Engineering! We’re going to post technical manuals and guides with our practical advice and life hacks. Let’s start with ((OTRS)) 6 Community Edition installation manual.

The choice of CentOS for OTRS 6 is quite obvious. This system is stable enough and in case anything happens RedHat provides support for it. Everything is clear, there is nothing to add.

But why do we need to talk about setting up OTRS for CentOS 7? The thing is that the OTRS AG, the ((OTRS)) Community Edition’s vendor, doesn’t support CentOS 8 yet.

Of course, you still can set up OTRS on CentOS 8. Do not install OTRS from RPM for RHEL7, use a source instead. We’ve done that a few times, and there are many things you need to get right, while the stability is still questionable.

Let’s go.

Let’s suppose that we have a clear set CentOS 7 Minimal and SSH access to it. We’ll split the setting up process into 3 stages:

  1. OS preparation
  2. Installation
  3. Initial set up

1. Operating system’s preparation

1.1 Add EPEL repository:

yum install epel-release -y

1.2 Lifehack 1

After that we usually set up tmux and work in it. If you like screen more, set it up. If you don’t use either and you’re sure about the connection channel, you can set OTRS up without them.

yum install tmux -y

Then we go to tmux console. Here is a quick cheat sheet for it.


1.3 If you need change the hostname:

hostnamectl set-hostname host_name
systemctl restart systemd-hostnamed
hostnamectl status

1.4 Set the needed time zone:

timedatectl set-timezone Europe/Berlin

1.5 And update before the next settings.

yum update -y

1.5 Then I set up a few tools. Something is convenient for me, something is needed for setting up:

yum install net-tools vim wget man vim-enhanced screen mc telnet wget crontabs openssh-clients mailx sudo make gcc htop nmon sysstat sysbench hdparm lsof -y

1.6 Check out the firewall. Some hosts don’t have it at all or turn it off. Look what’s open. If the firewall is installed, we see the list of open ports. If it’s not…

firewall-cmd --list-all

…then we install it:

yum install firewalld -y
systemctl enable firewalld
systemctl start firewalld

1.7 Next step. Remove the dhcpv6 and add http(https):

firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https

1.8 Don’t forget to remove the cockpit for CentOS 8. It’s opened in default.

firewall-cmd --permanent --zone=public --remove-service=cockpit
firewall-cmd --reload

1.8 Now let’s secure our SSH:

Move it from the 22th port to any one you like.

Change the port in configuration SSHD:

vim /etc/ssh/sshd_config
## Port 22 -> Port 22222

Change the port in firewall service:

vim /usr/lib/firewalld/services/ssh.xml
<port protocol="tcp" port="22222"/>

And apply:

systemctl restart sshd && systemctl restart firewalld

Yes, we didn’t write seds. This way you need to go through the setting process by yourself instead of copying stuff without reading instructions.

Let’s protect ourselves a bit from brute force:

yum install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban
echo '
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
enabled = true' > /etc/fail2ban/jail.local
systemctl restart fail2ban

1.10 We’ve protected our system a bit. Now let’s turn off the SELINUX. If you want to you can set it up and everything will work with it anyway. But let’s do it like in that old joke: there were two windows in the classroom. One had bars for theft protection, the other didn’t for fire-safety.

sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
setenforce 0

1.11 Lifehack 2: the OS set up final touch

This setting is all about system tuning. We always change at least 1 arg, vm.swappiness. It’s a setting for RAM load after reaching which the system writes to SWAP.

As generally advised we set it to 10%, so the system writes to SWAP when RAM is filled to 90%. You can set this arg to what you please.

sysctl vm.swappiness=10
echo 'vm.swappiness = 10' >> /etc/sysctl.conf

(Yes, you can use sysctl -p, but we like this way)

That’s all with the minimal OS settings. Usually we reboot the system at this stage and check if we’ve forgotten something.

2. OTRS install

…which will start right after installing and setting up everything we need for OTRS.

2.1 Web-server setting.

Let’s begin with the easiest:

yum install httpd -y
systemctl enable httpd
systemctl start httpd

2.2 DB install

We recommend either MariaDB or PostgreSQL. We’re not going to describe all product settings for DB in details in this post. There are many good articles and courses. Just google it. We will discuss DB setup next time.

NOTICE MySQL 8+ is not supported!

a) MariaDB

The latest edition for now is 10.4. (https://downloads.mariadb.org/mariadb/repositories/#distro=CentOS&distro_release=centos7-amd64--centos7&mirror=mephi&version=10.4)

MariaDB installing in default:

echo '
# MariaDB 10.4 CentOS repository list — created 2020–06–19 21:29 UTC
# http://downloads.mariadb.org/mariadb/repositories/
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgcheck=1' > /etc/yum.repos.d/MariaDB.repo

Install + devel, otherwise the actual package DBD::mysql won’t run up.

yum install MariaDB-server MariaDB-client MariaDB-devel -y

Do all DB settings according to characteristics of the server’s technical parameters. Here is a tip for one of them for you to avoid trouble with file upload and package install:

vim /etc/my.cnf.d/server.conf
max_allowed_packet = 100M
max_allowed_packet = 100M

After all settings start and add to autoload:

systemctl start mariadb
systemctl enable mariadb
systemctl status mariadb

As usual, set root password and drop test DB:


b) PostgreSQL

Officially the main version for now is v.12. In reality version 14 is widely used, so we install it:

# Install the RPM repository:

yum install yum install -y https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm

# Install PostgreSQL:

yum install postgresql14-server postgresql14-contrib

# Optionally initialize the database and enable automatic start:

/usr/pgsql-14/bin/postgresql-14-setup initdb
systemctl enable postgresql-14
systemctl start postgresql-14

Give access on a local host with a password:

vim /var/lib/pgsql/14/data/pg_hba.conf
Change #host all all ident
For host all all password

Set the password for a role postgres

sudo -u postgres pqsl
alter role postgres with password "your_password";
systemctl restart postgresql-14

If you’re going to copy from the website, consider 2 more packages: contrib and devel. The first one we need for statistics and other add-ons, the second is for DBD::Pg integration.

Notice: you can install it this way for a product system, but it’s wrong. Default settings can be used not only for testing and assistant goals, but for overwhelming majority of small businesses as well. If you have DBA experience, install and set the resources in the right way!

2.3 Perl modules install and update

The main modules install:

yum install fetchmail perl-URI mod_perl perl-libwww-perl perl-Net-DNS perl-IO-Socket-SSL \
perl-XML-Parser perl-DBI procmail perl-DateTime-Format-DateParse perl-core perl-Crypt-SSLeay \
perl-POEComponent-Client-LDAP perl-JSON-XS perl-Mail-IMAPClient perl-PDF-API2 perl-Text-CSV_XS \
perl-Digest-SHA perl-LDAP perl-GDGraph perl-Encode-HanExtra perl-Text-CSV perl-Crypt-Eksblowfish \
perl-YAML-LibYAML fcgi perl-Archive-Zip perl-Template-Toolkit perl-XML-LibXSLT bash-completion \
perl-DBD-Pg perl perl-File-MimeInfo perl-Mojolicious perl-DBD-MySQL -y

Perl packages update

Lifehack 3

Be careful! You can do this way only with testing systems or with original install. Otherwise it can damage production system. If you really need to update it on prod, don’t forget about snapshots and backups.

#Install cpanm

yum install perl-App-cpanminus -y

#Update cpanm

cpanm App::cpanminus

#Delete cpanm installed from repo

yum erase perl-App-cpanminus

#Create a link for a new edition

ln -s /usr/local/bin/cpanm /bin/cpanm

#Set cpanoutdated

cpanm App::cpanoutdated

#Update all old packages

/usr/local/bin/cpan-outdated -p | cpanm

#outdated doesn’t update all packages, so the next ones are updated manually

cpanm Apache::DBI Apache2::Reload Archive::Tar Archive::Zip Crypt::Eksblowfish::Bcrypt Crypt::SSLeay Date::Format DateTime DBI DBD::Pg Digest::SHA Encode::HanExtra JSON::XS List::Util::XS LWP::UserAgent Mail::IMAPClient IO::Socket::SSL Authen::SASL Authen::NTLM ModPerl::Util Net::DNS Net::LDAP Net::SMTP Template Template::Stash::XS Text::CSV_XS Time::HiRes XML::LibXML XML::LibXSLT XML::Parser YAML::XScpanm Archive::Zip XML::LibXML DBD::File Moo Date::Calc

If you chose MariaDB or MySQL, set DBD::mysql instead of DBD::Pg. If there is an error with zerofill test only (probably will be), set cpanm DBD::mysql — force

If you have more errors, you need to find the reasons. Probably you’ll need to install MariaDB-shared package, sometimes it helps.

2.4 OTRS install (finally).

Install the latest edition. It’s 6.0.30 as of July 2021:

wget https://downloads.radiantsd.org/releases/RPMS/rhel/7/otrs-6.0.30-02.noarch.rpm
rpm -ivh otrs-6.0.30–02.noarch.rpm

If you’ve done everything correct, there will be a help text for daemons and cron jobs running up. But we’ll do it after the OTRS install is finished.

Restart the apache and go to web by link at the end of package installing. You can write it by yourself using the example, if the hostname and fqdn don’t match.

systemctl restart httpd

For example:


3. Initial set up

Web configuration — DB setup

Click “Next”.

Accept license and continue.

Choose your DB type. In our example it’s PostgreSQL. Next.

Fill in the login details. In our example it’s “password”. Then press “Check database settings”.



Fill in the company’s name, admin’s email if needed, and choose “No” in check MX record. Next.

Skip this step. Anyway, it doesn’t work properly in the installer, it’s better to install this directly in the system.

That’s it. The main part of installing is finished. But who needs a system without any settings?

Run daemon and cronjobs

/opt/otrs/bin/Cron.sh start otrs

Check if the cronjobs are there.

crontab -u otrs -l

Email settings

Go to admin interface with login details you have. Then go to section “Admin”.

Email sets in three sections. Let’s set the address on which behalf the system will send letters first. Go to “Email Addresses”.

Choose otrs@localhost. We’ll change it for a real address.

1. Fill in the real address, which you want to send emails from.

2. Choose the queue. The system will send notifications and replies on its behalf. In our example it’s Postmaster. You can use only one account for letters’ sending in default. If you need more, you may set the other account’s rights “send on behalf of” in email server or simply install the MultiSMTP add-one.

3. Save and finish.

Set the incoming mail. Go to “Admin” — “PostMaster Mail Account”.

Click “Add Mail Account”.

1. Choose the protocol. It can be IMAP, POP3 or its variation.

2. Fill in the login.

3. Fill in the password.

4. Put the host. If a port is different from default one, you may put mail.yourmailserver.com:port.

5. Dispatching. Choose “Dispatching by selected Queue.

6. Choose the queue for getting letters and creating tickets from this email account.

7. Save.

Then set the outgoing mail. “Admin” — “System Configuration”.

Roll out “Navigation” -> “Core” -> “Email”.

1. Write down the protocol SMTP, SMTPS, SMTPTLS. Or MultiSMTP, if it’s installed. Then do outgoing mail configuration in the section “Admin” — “SMTP Configurations”.

2. Confirm changes.

3. Fill in the password.

4. Confirm changes.

5. Fill in the login.

6. Confirm changes.

7. Fill in the hostname for outgoing mail.

8. Confirm changes.

9. Fill in the port, if it’s not default.

10. Confirm changes.

Let’s set up article storage in а file system to avoid overloading the database.
Also let’s set up log storage in a separate file, it’s be easier to view them.

Articles settings

Go to Core (1) — CommunicationChannel(2) — MIMEBase(3)

Then change ArticleStorageDB for ArticleStorageFS (4) and confirm (5)

Notice: if you don’t like a standard holding point, you may also put the holding way right here. But don’t forget to access the permissions. If you hold some articles in DB and you don’t want to move it out, click on the checkbox next to CheckAllStorageBackends.

Log settings

Go to Core(1) — Log(2)

Put the method. Kernel::System::Log::File

4. Confirm changes.

5. Choose where to save the logs. In our case it’s standard OTRS folder. But if you want to save logs in some other point, don’t forget to give the access.

6. Confirm changes.

7. Click on the checkbox. The system will create a new log file monthly.

8. Confirm changes.

9. And finally deploy all our changes in the system’s configuration! Everything we confirmed before hasn’t deployed yet!

After you clicked “Deployment” we have the list with all changes we made. Check if everything is correct and click “Deploy selected changes”.

That’s about it! OTRS is installed, email, logs and articles including attachments are set. There is no limit to perfection, but we’ll find what write about in next post.

What else can you do? Of course, you should set the https. You can install the nginx in front of apache. In additional, you can optimize a cash, CMDB, etc. Follow us on Medium for more tech posts in RS Engineering section!



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store