Radiant Engineering: How to Install ((OTRS)) 6 Community Edition on CentOS 7
Welcome to a new section of our Medium blog, Radiant Engineering! We’re going to post technical manuals and guides with our practical advice and life hacks. Let’s start with the ((OTRS)) 6 Community Edition installation manual.
The choice of CentOS for OTRS 6 is quite obvious. This system is stable enough and in case anything happens Red Hat provides support for it. Everything is clear, there is nothing to add.
But why do we need to talk about setting up OTRS on CentOS 7? The thing is that OTRS AG, the ((OTRS)) Community Edition’s vendor, doesn’t support CentOS 8 yet.
Of course, you can still set up OTRS on CentOS 8. In that case, do not install OTRS from the RPM for RHEL 7; install from source instead. We’ve done that a few times, and there are many things you need to get right, while the stability is still questionable.
Let’s suppose that we have a clean CentOS 7 Minimal install and SSH access to it. We’ll split the setup process into 3 stages:
- OS preparation
- OTRS install
- Initial set up
1. Operating system’s preparation
1.1 Add EPEL repository:
yum install epel-release -y
1.2 Lifehack 1
After that we usually set up tmux and work in it. If you like screen more, set it up. If you don’t use either and you’re sure about the connection channel, you can set OTRS up without them.
yum install tmux -y
Then we go to tmux console. Here is a quick cheat sheet for it.
1.3 If you need to change the hostname:
hostnamectl set-hostname host_name
systemctl restart systemd-hostnamed
1.4 Set the needed time zone:
timedatectl set-timezone Europe/Berlin
1.5 And update before the next settings.
yum update -y
1.5 Then I set up a few tools. Some are convenient for me, some are needed for the setup:
yum install net-tools vim wget man vim-enhanced screen mc telnet wget crontabs openssh-clients mailx sudo make gcc htop nmon sysstat sysbench hdparm lsof -y
1.6 Check the firewall. Some hosts don’t have it at all, or have it turned off. Look at what’s open. If the firewall is installed, we see the list of open ports. If it’s not…
…then we install it:
yum install firewalld -y
systemctl enable firewalld
systemctl start firewalld
1.7 Next step. Remove the dhcpv6-client service and add http and https:
firewall-cmd --permanent --zone=public --remove-service=dhcpv6-client
firewall-cmd --permanent --zone=public --add-service=http
firewall-cmd --permanent --zone=public --add-service=https
1.8 Don’t forget to remove cockpit on CentOS 8. It’s open by default.
firewall-cmd --permanent --zone=public --remove-service=cockpit
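1.9 Now let’s secure our SSH:
Move it from port 22 to any port you like.
Change the port in the SSHD configuration:
## Port 22 -> Port 22222
Change the port in the firewalld service:
<port protocol="tcp" port="22222"/>
systemctl restart sshd && systemctl restart firewalld
If SELinux is still enforcing at this point (step 1.10 only disables it after a reboot), sshd cannot bind to the new port until that port is added to the ssh_port_t type, so keep the current session open and test a login on the new port before closing it.
Yes, we didn’t write seds. This way you need to go through the configuration yourself instead of copying stuff without reading the instructions.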
Let’s protect ourselves a bit from brute force:
yum install fail2ban -y
systemctl enable fail2ban
systemctl start fail2ban
systemctl status fail2ban
echo '
[DEFAULT]
# Ban hosts for one hour:
bantime = 3600
# Override /etc/fail2ban/jail.d/00-firewalld.conf:
banaction = iptables-multiport
[sshd]
enabled = true
# Ban on the port sshd was moved to above (the jail default is 22):
port = 22222' > /etc/fail2ban/jail.local
systemctl restart fail2ban
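Once SSH has been moved, three files have to name the same port: sshd_config, the firewalld service file and the fail2ban jail. With banaction = iptables-multiport a ban only covers the ports listed in the jail, and the sshd jail defaults to port 22. The check below is an added example, not part of the original post; the function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: do sshd, firewalld and fail2ban agree on the SSH port?
# Config paths are arguments, so the check can run on copies of the files.

sshd_port() {        # first uncommented "Port" line wins; sshd defaults to 22
    awk 'tolower($1) == "port" { print $2; f = 1; exit }
         END { if (!f) print 22 }' "$1"
}

firewalld_ports() {  # tcp ports in a firewalld service file, space separated
    sed -n 's/.*<port protocol="tcp" port="\([0-9]*\)".*/\1/p' "$1" | tr '\n' ' '
}

jail_port() {        # "port" of the [sshd] jail; the default "ssh" means 22
    awk -F'[ =]+' '/^\[/ { sec = $1 }
         sec == "[sshd]" && $1 == "port" { p = $2 }
         END { if (p == "" || p == "ssh") p = 22; print p }' "$1"
}

check_ssh_port() {   # args: sshd_config, service xml, jail.local
    p=$(sshd_port "$1"); fw=" $(firewalld_ports "$2")"; jp=$(jail_port "$3"); out=""
    case "$fw" in *" $p "*) ;; *) out="${out}firewalld does not open $p; " ;; esac
    if [ "$p" != 22 ]; then
        case "$fw" in *" 22 "*) out="${out}firewalld still opens 22; " ;; esac
    fi
    [ "$jp" = "$p" ] || out="${out}fail2ban bans port $jp but sshd listens on $p; "
    echo "${out:-OK}"
}

# Constructed sample files: port 22222 as on the page, jail without "port".
d=$(mktemp -d)
printf '#Port 22\nPort 22222\n' > "$d/sshd_config"
printf '<service>\n  <port protocol="tcp" port="22222"/>\n</service>\n' > "$d/ssh.xml"
printf '[DEFAULT]\nbanaction = iptables-multiport\n[sshd]\nenabled = true\n' > "$d/jail.local"
check_ssh_port "$d/sshd_config" "$d/ssh.xml" "$d/jail.local"
printf 'port = 22222\n' >> "$d/jail.local"
check_ssh_port "$d/sshd_config" "$d/ssh.xml" "$d/jail.local"
rm -rf "$d"
```

On a real host, pass /etc/ssh/sshd_config, the firewalld service file you edited and /etc/fail2ban/jail.local.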
1.10 We’ve protected our system a bit. Now let’s turn off SELinux. If you want to, you can configure it instead and everything will work with it anyway. But let’s do it like in that old joke: there were two windows in the classroom. One had bars for theft protection, the other didn’t, for fire safety.
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
sed -i 's/^SELINUX=.*/SELINUX=disabled/g' /etc/sysconfig/selinux
1.11 Lifehack 2: the final touch of the OS setup
This step is all about system tuning. We always change at least one parameter, vm.swappiness. It sets the RAM load after which the system starts writing to swap.
As generally advised, we set it to 10%, so the system writes to swap when RAM is filled to 90%. You can set this parameter to whatever you please.
echo 'vm.swappiness = 10' >> /etc/sysctl.conf
(Yes, you can use sysctl -p, but we like this way)
That’s all with the minimal OS settings. Usually we reboot the system at this stage and check if we’ve forgotten something.
2. OTRS install
…which will start right after installing and setting up everything we need for OTRS.
2.1 Web-server setting.
Let’s begin with the easiest:
yum install httpd -y
systemctl enable httpd
systemctl start httpd
2.2 DB install
We recommend either MariaDB or PostgreSQL. We’re not going to describe all production DB settings in detail in this post. There are many good articles and courses. Just google it. We will discuss DB setup next time.
NOTICE: MySQL 8+ is not supported!
The latest MariaDB version for now is 10.4. (https://downloads.mariadb.org/mariadb/repositories/#distro=CentOS&distro_release=centos7-amd64--centos7&mirror=mephi&version=10.4)
Default MariaDB installation:
echo '# MariaDB 10.4 CentOS repository list - created 2020-06-19 21:29 UTC
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1' > /etc/yum.repos.d/MariaDB.repo
Install the devel package as well, otherwise the current DBD::mysql package won’t work.
yum install MariaDB-server MariaDB-client MariaDB-devel -y
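Third-party repositories such as this one are only as trustworthy as their signature settings: gpgcheck=1 verifies the packages, while repository metadata fetched over plain HTTP is not authenticated by it. The audit below is an added example, not part of the original post; the function name and the second repository section are hypothetical and the sample file is constructed.

```sh
#!/bin/sh
# Added example: report yum repo sections with weak package verification.

audit_repo() {   # arg: a .repo file; prints one finding per line, nothing if clean
    awk -F'[ \t]*=[ \t]*' '
        function report() {
            if (sec == "") return
            if (chk != "1")     print sec ": gpgcheck is not 1"
            if (key == "")      print sec ": no gpgkey set"
            if (url ~ /^http:/) print sec ": baseurl is plain http"
        }
        /^\[/            { report(); sec = $0; chk = key = url = ""; next }
        $1 == "gpgcheck" { chk = $2 }
        $1 == "gpgkey"   { key = $2 }
        $1 == "baseurl"  { url = $2 }
        END              { report() }' "$1"
}

# Constructed sample: a section shaped like the MariaDB one above and a
# hypothetical internal mirror with signature checking switched off.
f=$(mktemp)
cat > "$f" <<'EOF'
[mariadb]
name = MariaDB
baseurl = http://yum.mariadb.org/10.4/centos7-amd64
gpgkey = https://yum.mariadb.org/RPM-GPG-KEY-MariaDB
gpgcheck=1

[internal-mirror]
name = hypothetical internal mirror
baseurl = https://repo.example.invalid/el7
gpgcheck=0
EOF
audit_repo "$f"
rm -f "$f"
```

A missing gpgkey line is informational when the key was imported by hand with rpm --import; run the function over each file in /etc/yum.repos.d/ after adding a repository.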
Do all DB settings according to the server’s technical parameters. Here is a tip for one of them, to avoid trouble with file uploads and package installation:
max_allowed_packet = 100M
max_allowed_packet = 100M
After all settings are done, start the service and add it to autostart:
systemctl start mariadb
systemctl enable mariadb
systemctl status mariadb
As usual, set root password and drop test DB:
PostgreSQL: officially the main version for now is v.10. In reality version 12 is widely used, so we install it:
# Install the RPM repository:
yum install https://download.postgresql.org/pub/repos/yum/reporpms/EL-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
# Install PostgreSQL:
yum install postgresql12-server postgresql12-contrib postgresql12-devel postgresql12
# Optionally initialize the database and enable automatic start:
/usr/pgsql-12/bin/postgresql-12-setup initdb
systemctl enable postgresql-12
systemctl start postgresql-12
Give access on localhost with a password (in pg_hba.conf):
Change #host all all 127.0.0.1/32 ident
to host all all 127.0.0.1/32 md5
Set the password for the postgres role:
sudo -u postgres psql
alter role postgres with password 'your_password';
systemctl restart postgresql-12
If you’re going to copy from the website, note 2 more packages: contrib and devel. The first one we need for statistics and other add-ons, the second is for DBD::Pg integration.
Notice: you can install it this way for a production system, but it’s wrong. Default settings can be used not only for testing and auxiliary purposes, but for the overwhelming majority of small businesses as well. If you have DBA experience, install it and size the resources the right way!
2.3 Perl modules install and update
The main modules install:
yum install fetchmail perl-URI mod_perl perl-libwww-perl perl-Net-DNS perl-IO-Socket-SSL \
perl-XML-Parser perl-DBI procmail perl-DateTime-Format-DateParse perl-core perl-Crypt-SSLeay \
perl-POEComponent-Client-LDAP perl-JSON-XS perl-Mail-IMAPClient perl-PDF-API2 perl-Text-CSV_XS \
perl-Digest-SHA perl-LDAP perl-GDGraph perl-Encode-HanExtra perl-Text-CSV perl-Crypt-Eksblowfish \
perl-YAML-LibYAML fcgi perl-Archive-Zip perl-Template-Toolkit perl-XML-LibXSLT bash-completion \
perl-DBD-Pg perl perl-File-MimeInfo perl-Mojolicious perl-DBD-MySQL -y
Perl packages update
Be careful! You can do it this way only on test systems or on a fresh install. Otherwise it can damage a production system. If you really need to update on prod, don’t forget about snapshots and backups.
yum install perl-App-cpanminus -y
#Install current cpanm and cpan-outdated from CPAN into /usr/local/bin (step missing on the page, assumed)
cpanm App::cpanminus App::cpanoutdated
#Delete cpanm installed from repo
yum erase perl-App-cpanminus
#Create a link for a new edition
ln -s /usr/local/bin/cpanm /bin/cpanm
#Update all old packages
/usr/local/bin/cpan-outdated -p | cpanm
#outdated doesn’t update all packages, so the next ones are updated manually
cpanm Apache::DBI Apache2::Reload Archive::Tar Archive::Zip Crypt::Eksblowfish::Bcrypt Crypt::SSLeay Date::Format DateTime DBI DBD::Pg Digest::SHA Encode::HanExtra JSON::XS List::Util::XS LWP::UserAgent Mail::IMAPClient IO::Socket::SSL Authen::SASL Authen::NTLM ModPerl::Util Net::DNS Net::LDAP Net::SMTP Template Template::Stash::XS Text::CSV_XS Time::HiRes XML::LibXML XML::LibXSLT XML::Parser YAML::XS
cpanm Archive::Zip XML::LibXML DBD::File Moo Date::Calc
If you chose MariaDB or MySQL, install DBD::mysql instead of DBD::Pg. If only the zerofill test fails (it probably will), run cpanm DBD::mysql --force
If you have more errors, you need to find the reasons. You’ll probably need to install the MariaDB-shared package; sometimes it helps.
2.4 OTRS install (finally).
Install the latest edition. It’s 6.0.28 as of July 2020:
rpm -ivh otrs-6.0.28-01.noarch.rpm
If you’ve done everything correctly, there will be a help text about starting the daemons and cron jobs. But we’ll do that after the OTRS install is finished.
Restart Apache and open the web installer via the link shown at the end of the package installation. If the hostname and FQDN don’t match, you can write the link yourself, following that example.
systemctl restart httpd
3. Initial set up
Web configuration — DB setup
Accept license and continue.
Choose your DB type. In our example it’s PostgreSQL. Next.
Fill in the login details. In our example it’s “password”. Then press “Check database settings”.
Fill in the company’s name, admin’s email if needed, and choose “No” in check MX record. Next.
Skip this step. Anyway, it doesn’t work properly in the installer, it’s better to install this directly in the system.
That’s it. The main part of installing is finished. But who needs a system without any settings?
Run daemon and cronjobs
/opt/otrs/bin/Cron.sh start otrs
Check if the cronjobs are there.
crontab -u otrs -l
Go to admin interface with login details you have. Then go to section “Admin”.
Email is configured in three sections. First, let’s set the address on whose behalf the system will send mail. Go to “Email Addresses”.
Choose otrs@localhost. We’ll change it for a real address.
1. Fill in the real address, which you want to send emails from.
2. Choose the queue. The system will send notifications and replies on its behalf. In our example it’s Postmaster. By default you can use only one account for sending mail. If you need more, you may grant the other account “send on behalf of” rights on the email server, or simply install the MultiSMTP add-on.
3. Save and finish.
Set the incoming mail. Go to “Admin” — “PostMaster Mail Account”.
Click “Add Mail Account”.
1. Choose the protocol. It can be IMAP, POP3 or its variation.
2. Fill in the login.
3. Fill in the password.
4. Put the host. If a port is different from default one, you may put mail.yourmailserver.com:port.
5. Dispatching. Choose “Dispatching by selected Queue”.
6. Choose the queue for getting letters and creating tickets from this email account.
Then set the outgoing mail. “Admin” — “System Configuration”.
Roll out “Navigation” -> “Core” -> “Email”.
1. Select the protocol: SMTP, SMTPS or SMTPTLS. Or MultiSMTP, if it’s installed; in that case, do the outgoing mail configuration in the section “Admin” — “SMTP Configurations”.
2. Confirm changes.
3. Fill in the password.
4. Confirm changes.
5. Fill in the login.
6. Confirm changes.
7. Fill in the hostname for outgoing mail.
8. Confirm changes.
9. Fill in the port, if it’s not default.
10. Confirm changes.
Let’s set up article storage in a file system to avoid overloading the database.
Let’s also set up log storage in a separate file; it will be easier to view the logs.
Go to Core (1) — CommunicationChannel(2) — MIMEBase(3)
Then change ArticleStorageDB for ArticleStorageFS (4) and confirm (5)
Notice: if you don’t like the standard storage location, you may also set the storage path right here. But don’t forget to set the access permissions. If you keep some articles in the DB and don’t want to move them out, click the checkbox next to CheckAllStorageBackends.
Go to Core(1) — Log(2)
Set the method: Kernel::System::Log::File
4. Confirm changes.
5. Choose where to save the logs. In our case it’s the standard OTRS folder. But if you want to save logs somewhere else, don’t forget to grant access to that location.
6. Confirm changes.
7. Click on the checkbox. The system will create a new log file monthly.
8. Confirm changes.
9. And finally deploy all our changes to the system’s configuration! Nothing we confirmed before has been deployed yet!
After you click “Deployment”, you get the list of all the changes we made. Check that everything is correct and click “Deploy selected changes”.
That’s about it! OTRS is installed; email, logs and articles including attachments are set up. There is no limit to perfection, but we’ll find what to write about in the next post.
What else can you do? Of course, you should set up https. You can install nginx in front of Apache. In addition, you can optimize the cache, the CMDB, etc. Follow us on Medium for more tech posts in the RS Engineering section!