The Database

A few diagrams of the RT’s database schema are available:

• Steve Turner’s Model
• The official RT 3.4 schema
• Jesse Vincent’s model (pdf)

If you are unfamiliar with some of the keys and conventions used in Visio graphs, the below table provides some helpful information. Mandatory (not null) columns are displayed in bold.

PK	Primary key	–––0+	0 or 1
FK	Foreign key	–––0<–	0 or more
U	Unique column	–––++	Exactly 1
I	Indexed column	–––+<–	1 or more
O	Optimal columns

Further clarification can be found in chapter 8 titled “Architect” of the “RT Essentials” book from O’Reilly. Look for the section “Logical and Object Model” which takes a tour of RT’s logical and object models.

Perl Module

Referring once more the the “RT Essentials” book’s chapter 8 on architecture, the below diagram maps the layers involved with RT.

A quick overview of what the provide:

1. Allowing a database independent interface to Perl is the DBI module.
2. DBIx::SearchBuilder encapsulate SQL queries and rows in simple perl objects allowing object-oriented applications like RT to talk to a table-oriented relational database.
3. The RT application platform libraries provide database connectivity, logginng infrastructures, users, groups, access control, links, etc. Basically it is the guts of RT.
4. The RT ticketing system libraries uses the RT application platform.
5. The Mason handler run on top of the RT core libraries and provides a wrapper around the Mason templating system. The Mason templates consists of the user interface templates, which designed for end users to interact with their browsers, and the REST templates, which are designed to be easy for other software to interact with RT.

Creating, querying, and editing tickets in an RT instance could be done by using RT Command Line Interface (CLI) calls embedded in programs. Or, one could directly plug into the RT libraries. To maintain compatibility with future releases of RT, we will be using RT’s built in REST interface.

Fortunately, Dmitri Tikhonov has created the RT::Client::REST. If Ruby is your preferred language, Tom Lahti has cared a Ruby library to interface with RT.

Jesse Vincent posted recently on the Best Practical blog, “RT 4 – status report.” While it will be awhile before RT4 is out, Jesse has written that “RT4 is based on Jifty and serves up both the legacy /REST/1.0 interface and Jifty’s much more modern REST interface.” End result is that compatibility will be maintained.

Perl Modules Installation

Make sure to follow the instructions from “Request Tracker Installation (Part 2 of 2).” The Perl foundation defines kwalitee as “a set of formalities that tend to coincide with quality, according to consensus. It is of course much less useful than quality, but at least it can be measured.” Install the Perl module Module::CPANTS::Analyse and Test::Kwalitee, along with supporting modules, for quality testing.

/usr/local/src root# perl -MCPAN -e 'install Module::CPANTS::Analyse' /usr/local/src root# perl -MCPAN -e 'install Test::Kwalitee'

If you have read any of Terry Goodkind’s Sword of Truth series of books, you maybe familiar with his character Zedd saying, “If the road is easy, you’re likely going the wrong way.” No where is this more true than in IT. Life is made a bit easier if you check active bugs when setting up software. Fortunately, RT-Client-REST does have an active bug listing.

There is a bug involving CustomFields change in RT 3.8 and how RT matched on the # symbol. RT incorrectly matched when using the REST interface because RT::Client::REST had a CustomField with a # at the end. Jerrad Pierce has just posted that the necessary changes were mote extensive and the code should be pulled down from SVN. We will pull the code from there.

/usr/local/src root# svn checkout \
     http://rt-client-rest.googlecode.com/svn/trunk/ rt-client-rest-read-only
/usr/local/src root# cd  rt-client-rest-read-only/rt-client-rest
/usr/local/src/rt-client-rest-read-only/rt-client-rest root# perl Makefile.PL
/usr/local/src/rt-client-rest-read-only/rt-client-rest root# make
/usr/local/src/rt-client-rest-read-only/rt-client-rest root# make test
/usr/local/src/rt-client-rest-read-only/rt-client-rest root# make install

Connecting up through SSL requires a few additional steps. make sure to install the Perl module Crypt::SSLeay.

 /usr/local/src root# perl -MCPAN -e 'install Crypt::SSLeay'

Ruby

If you need to install Ruby please see my earlier post “Implementing Puppet: Act One.” Ruby 1.9.x is a fairly significant change. See Josh Haberman post “Ruby 1.9.1 released,” Markus Prinz post “Ruby 1.9 – What’s new? What’s changed?“, and Peter Cooper’s post “23 Useful Ruby 1.9 Links and Resources.” If you are working with Ruby, you need Dave Thomas‘ book “Programming Ruby 1.9: The Pragmatic Programmers’ Guide,” which is about to be released and is available in electronic format.

When you issue the “gem install rt-client,” errors involving the TMail file tmailscanner.c will occur. First, it was looking for header files in directory /usr/local/include/ruby-1.9.1 instead of /usr/local/include/ruby-1.9.1/ruby and complaining about “re.h: No such file or directory“. As Zedd would say, “Nothing is ever easy.” If you fix that problem, TMail will complain about “struct RString.” This is a show stopper if you want to use Ruby 1.9.x. When this gets fixed, I will try and come back and update this post.

Connecting Securely

Modify the RT_SiteConfig.pm to use port 443.

Before (Without SSL): Set($WebBaseURL , " http://rt.yourdomain.com");
After (With SSL): Set($WebBaseURL , " https://rt.yourdomain.com:443");

Please change rt.yourdomain.com to the appropriate host value for your organization.

The REST Interface does not support HTTP-Authentication. If your web server requires users to log in, you will end up with authentication problems. As of this writing, there are problems when when both authentication mechanisms are used together. A work around, if your program is running on the same machine as the web server, is to setup a virtual host for 127.0.0.1 that does not use HTTP-Authentication. Make sure to connections are allowed from client 127.0.0.1 only. The outside world interface can continue to be forced to use HTTPS and HTTP-Authentication.

Sample Program

With the supporting software in place, we can now write a program. Below is a simple program that connects up to OpenSSL’s RT site, pulls out all new and open tickets belonging to the OpenSSL-Bugs queue, and prints out the id, subject, owner, status, and when the ticket was created.

#!/usr/local/bin/perl -w

  use strict;
  use Error qw(:try);
  use RT::Client::REST;
  use Data::Dumper;

  my %Config = (
      server      => 'http://rt.openssl.org/',
      username    => 'guest',
      password    => 'guest',
      queue       => 'OpenSSL-Bugs'
  );
  my $rt = RT::Client::REST->new(
    server => $Config{server},
    timeout => 30,
  );

  try {
    $rt->login(username => $Config{username}, password => $Config{password} );
  }
  catch Exception::Class::Base with {
    die "problem logging in: ", shift->message;
  };

  my @ids;
  try {
    @ids = $rt->search(
        type    => 'ticket',
        query   => qq[
            (Status = 'new' or Status = 'open')
            and
            Queue = '$Config{queue}'
        ],
    );
  }
  catch Exception::Class::Base with {
    die "search failed", shift->message;
  };
  for my $id (@ids) {
    my $ticket = $rt->show(type => 'ticket', id => $id);
    print "ID: $id\n";
    print Dumper($ticket);
   }

Final Thoughts

One of the more difficult aspect of connecting several different open source projects is what to do with various versions of the software. While it is unfortunate that we will have to wait for software to get updated on the Ruby side, we are now ready to start working with Perl. In the next post, we will go through the steps to take a program that monitors activity and informs administrators via email, to a system that uses RT to perform this function. By doing so, we gain operational tracking capability. We are about to start having some fun.

Before going any further, I did want to give credit to the Doctor, who has been good enough to post over on his ITIL Service Management blog a mind mapping of the incident management process under ITIL. That mind map is the image used in today’s blog. While it has nothing directly to do with RTIR, it is interesting in terms of incident management and I wanted to give proper credit.

Installation

Below are the basic steps involved with installing RTIR.

1. Download and install required Perl modules.

There are several Perl packages, which are dependent on other packages, and so the cycle goes. You can install there packages using cpan, with commands like:

/usr/local/src root# perl -MCPAN -e 'install Business::Hours' /usr/local/src root# perl -MCPAN -e 'install Net::Whois::RIPE'

Sometimes you can run into problems installing modules in that manner. Another alternative is to pull down the package, untar, configure, compile, and install in a manner similar to:

root# cd /usr/local/src /usr/local/src root# wget http://search.cpan.org/CPAN/authors/\ id/M/MR/MRSAM/Net-CIDR-0.11.tar.gz /usr/local/src root# tar xzf Net-CIDR-0.11.tar.gz /usr/local/src root# cd Net-CIDR-0.11 /usr/local/src/Net-CIDR-0.11 root# perl Makefile.PL /usr/local/src/Net-CIDR-0.11root# make test /usr/local/src/Net-CIDR-0.11 root# make install

To make installation of RTIR as easy as possibly, you may want to make sure the following packages are installed.

2. Download, configure, and install RTFM.

The stable RTIR package was released back to 2004, way before the most recent RT 3 release. Pull down the most recently updated for RT 3 release of the RT FAQ Manager (RTFM). To quote from the FAQ, “RTFM lets you open, categorize and search for ‘articles.’ Like RT, RTFM lets your users contribute additional information to existing articles and makes sure that each article’s full history is preserved for future inspection. RTFM makes it easy to quickly search the knowledge base and find critical information.”

root# cd /usr/local/src /usr/local/src root# wget http://download.bestpractical.com/pub/rt/devel/\ RTIR_M3/RTFM-2.2.2.tar.gz /usr/local/src root# tar xzf RTFM-2.2.2.tar.gz /usr/local/src root# cd RTFM-2.2.2 /usr/local/src/RTFM-2.2.2 root# perl Makefile.PL /usr/local/src/RTFM-2.2.2 root# make /usr/local/src/RTFM-2.2.2 root# make install /usr/local/src/RTFM-2.2.2 root# make initdb /usr/local/src/RTFM-2.2.2 root# cd .. /usr/local/src root# wget http://download.bestpractical.com/pub/rt/devel/\ RTIR_M3/RTFM-Extension-ArticleTemplates-0.01.tar.gz /usr/local/src root# tar xzf RTFM-Extension-ArticleTemplates-0.01.tar.gz /usr/local/src root# cd RTFM-Extension-ArticleTemplates-0.01 /usr/local/src/RTFM-Extension-ArticleTemplates-0.01root# perl Makefile.PL /usr/local/src/RTFM-Extension-ArticleTemplates-0.01root# make /usr/local/src/RTFM-Extension-ArticleTemplates-0.01root# make install /usr/local/src/RTFM-Extension-ArticleTemplates-0.01root# cd ..

3. Download, configure, and install RTIR.

Pull down the most recently updated for RT 3 release of RTIR.

root# cd /usr/local/src /usr/local/src root# wget http://download.bestpractical.com/pub/rt/devel/\ RTIR_M3/RT-IR-2.3.17.tar.gz /usr/local/src root# tar xzf RT-IR-2.3.17.tar.gz /usr/local/src root# cd RT-IR-2.3.17 /usr/local/src/RT-IR-2.3.17 root# perl Makefile.PL /usr/local/src/RT-IR-2.3.17 root# make install

4. Edit RT configuration file.

Edit the RT configuration file /opt/rt3/etc/RT_SiteConfig.pm adding the RTIR configuration file /opt/rt3/local/plugins/RT-IR/etc/RTIR_Config.pm.

/usr/local/src/RT-IR-2.3.17 root# vi /opt/rt3/etc/RT_SiteConfig.pm

Add the lines:

# The RTIR config file $RTIR_CONFIG_FILE = "/opt/rt3/local/plugins/RT-IR/etc/RTIR_Config.pm"; require $RTIR_CONFIG_FILE || die ("Couldn't load RTIR config file '$RTIR_CONFIG_FILE'\n$@"); Set(@Plugins, 'RT::FM', 'RT::IR');

5. Initialize the database.

Update the RT database.

/usr/local/src/RT-IR-2.3.17 root# make initdb

6. Stop and restart the Apache server.

For good measure, restart the Apache server.

/usr/local/src/RT-IR-2.3.17 root# /usr/local/apache/bin/apachectl stop /usr/local/src/RT-IR-2.3.17 root# /usr/local/apache/bin/apachectl start

7. Configure RTIR.

Configuration of RT and RTIR is a topic for another post; maybe even a book. I will include below basic instructions from RTIR readme. Please see the next section for additional documentation.

1) Using RT’s configuration interface, add the email address
of the Network Operations Team (the people who will handle
activating and removing Blocks) as AdminCC on the Blocks queue.
RT -> Configuration -> Queues -> Blocks -> Watchers

2) You may want to modify the email messages that are automatically
sent on the creation of Investigations and Blocks.
RT -> Queues -> <select RTIR’s Queue> -> Templates.
RT -> Global -> Templates.

3) By default, RT ships with a number of global Scrips. You should use
RT’s configuration interface to look through them, and disable any
that aren’t apropriate in your environment.
RT -> Queues -> </select><select RTIR’s Queue> -> Scrips.
RT -> Global -> Scrips.

4) Add staff members who handle incidents to the DutyTeam group.
RT -> Configuration -> Groups -> DutyTeam -> Members.

5) You can override values in the RTIR_Config.pm in your
RT_SiteConfig.pm file. Just add your customizations after the “require”
line mentioned above.

Additional Information

RT has a nice user interface. In order to figure out and use the program, you need to read the documentation. We may come back and do a post on configuration. How you configure RTIR software depends on the environment and your plans for using the software. Below is a listing of several information sources.

• DocIndex.pod – Can also view DocIndex.pod with the command:
  perldoc lib/RT/IR/DocIndex.pod
• AdministrationTutorial.pod – Can also view AdministrationTutorial.pod with the command:
  perldoc lib/RT/IR/AdministrationTutorial.pod
• Config.pm – Can also view Constituencies.pod with the command:
  perldoc lib/RT/IR/Config.pm
• Constituencies.pod – Can also view Constituencies.pod with the command:
  perldoc lib/RT/IR/Constituencies.pod
• Ticket.pm – Can also view Ticket.pm with the command:
  perldoc lib/RT/IR/Tutorial.pod
• Tutorial.pod – Can also view Tutorial.pod with the command:
  perldoc lib/RT/IR/Tutorial.pod

If you are going to be using RT, you need to get the “RT Essentials” book written by Jesse Vincent, Robert Spier, Dave Rolsky, Darren Chamberlain, and Richard Foley. It is a good reference and a quick read. For up-to-date information, see the RT Wiki and the Best Practical Solutions blog site.

Prerequisites

To start, please review the following posts:

1. An Apache Implementation
2. Apache and OpenSSL
3. PHP Implementation
• PHP as a Module
• PHP as a CGI
• PHP Configuration Modifications
4. Introduction to MySQL
5. Setting Up and Securing MySQL: References
6. Implementing a Web Application Firewall with ModSecurity

Install Software

With Apache, MySQL, PHP, OpenSSL, and ModSecurity installed, we are now ready to focus on software packages required by RT.

1. Installing expat.

Different operating systems will vary on whether expat, the XML parser, is installed. Expat is needed to complete the cpan install for XML::RSS. Check your particular operating system.

 root# cd /usr/local/src
 /usr/local/src root# wget http://downloads.sourceforge.net/expat/expat-2.0.1.tar.gz
 /usr/local/src root# tar xzf expat-2.0.1.tar.gz
 /usr/local/src root# cd expat-2.0.1
 /usr/local/src/expat-2.0.1 root# ./configure
 /usr/local/src/expat-2.0.1 root# make
 /usr/local/src/expat-2.0.1 root# make check
 /usr/local/src/expat-2.0.1 root# make install

2. Install FastCGI

For RT, you can install mod_perl or mod_fastcgi. In this posting, we are going to walks through the installation of FastCGI. Information concerning mod_perl will be provided below so the reader can chose what fits best in their environment. FastCGI is much simpler to install and allows the core Apache process to stay small in size. With FastCGI, RT runs as a separate process from Apache allowing RT to be stopped and restarted without affecting the Apache server. In general, FastCGI programs are easier to manage.

The Apache module mod_fastcgi allows a web server to run CGI scripts via a separate, persistent program. PHP comes with FastCGI support compiled in by default, so nothing needs to be done to the PHP installation.

You can have the Apache program call FastCGI, and have it run as the same user as the Apache server or use suexec to have FastCGI switch to a different user. Under some operating systems, suexec may not get compiled and installed when installing Apache. Check if suexec is installed, and if not go back to the Apache source, compile it, and install it. Initially, we are not going to use the suexec program. Instead we will create the group “rt”, add user httpd to group rt, and set permissions that way. You may choose later to use suexec.

 root# ls -la /usr/local/apache/bin/suexec
ls: /usr/local/apache/bin/suexec: No such file or directory
 root# cd /usr/local/src/httpd-2.2.8
 /usr/local/src/httpd-2.2.8 root# make suexec
 /usr/local/src/httpd-2.2.8 root# cp ./support/suexec /usr/local/apache/bin/suexec

Now, we are ready to get mod_fastcgi installed.

 root# cd /usr/local/src
 /usr/local/src root# wget http://www.fastcgi.com/dist/mod_fastcgi-2.4.6.tar.gz
 /usr/local/src root# tar xzf mod_fastcgi-2.4.6.tar.gz
 /usr/local/src root# cd mod_fastcgi-2.4.6
 /usr/local/src/mod_fastcgi-2.4.6 root# cp Makefile.AP2 Makefile
 /usr/local/src/mod_fastcgi-2.4.6 root# make top_dir=/usr/local/apache
 /usr/local/src/mod_fastcgi-2.4.6 root# make top_dir=/usr/local/apache install
 /usr/local/src/mod_fastcgi-2.4.6 root# /usr/local/apache/bin/apachectl stop
 /usr/local/src/mod_fastcgi-2.4.6 root# vi /usr/local/apache/conf/httpd.conf

Add the following lines to the Apache httpd.conf file:

# Load the mod_fastcgi module.
LoadModule fastcgi_module modules/mod_fastcgi.so

Check if installation and configuration is working.

 /usr/local/src/mod_fastcgi-2.4.6 root# /usr/local/apache/bin/apachectl configtest
Syntax OK
 /usr/local/src/mod_fastcgi-2.4.6 root# /usr/local/apache/bin/apachectl start
 /usr/local/src/mod_fastcgi-2.4.6 root# cat /var/www/logs/error_log | grep -i fastcgi
[Fri Aug 01 12:17:22 2008] [notice] FastCGI: process manager initialized (pid 15221)
[Fri Aug 01 12:17:22 2008] [notice] Apache/2.2.8 (Unix) mod_ssl/2.2.8
OpenSSL/0.9.7a mod_fastcgi/2.4.6 configured -- resuming normal operations

For in depth coverage of mod_perl, Stas Bekman and Eric Cholet have written the book, “Practical mod_perl.” They have made the complete book available online in both HTML and PDF format under the Creative Commons Attributes Share-Alike License. Stas Bekman and Jim Brandt have also written the “mod_perl2 User’s Guide Book” where 50% of the book’s proceeds go to The Perl Foundation.

If you are installing under Mac OS X, mod_perl may complain about Perl 5.8.8 being built without threads and you will get a message about building perl with -Duserthreads. If you are determined to use mod_perl, consider dropping back to Apache 1.3.x and using mod_perl 1.x. While Apache 1.3.x is legacy code, and I tend to want to use the code that is being actively developed, there is an argument for using Apache 1.3.x. One major feature of Apache 2.x is threading. On Windows, where most basic libraries are and must be threadsafe, Apache 2 is really the only choice. Earlier Mac OS X releases did not include a completely thread-safe libc, so threading is still not fully supported in Perl. This is why the Perl version that comes with Mac OS X is not compiled to use threads. To use Apache2.x, Perl will need to be configured to use threads. The code is available from the Perl web site.

Rather than getting bogged down in compiling Perl to use thread, we will move ahead and use FastCGI. By the time this post, I will have worked on getting RT installed under Linux, Mac OS X, and FreeBSD. Figuring out what software works best in a multi OS environment can be challenging.

3. Configure RT

Let us start by adding the group RT. Under many operating systems, this would be done with the simple command “groupadd rt.” Things are always more interesting under Mac OS X, where you would have to first look at what group ids (gid), choose an unused gid, and then create the rt group using that gid. Under Mac OS X Leopard, group rt would be created with the commands:

 root# dscl . list /groups PrimaryGroupID | sort -k 2,2 -n
 root# dscl . create /groups/rt gid gid-of-rt
 root# dscl . create /groups/rt passwd '*'
 root# dscl . read /groups/rt
AppleMetaNodeLocation: /Local/Default
Password: *
PrimaryGroupID: gid-of-rt
RecordName: rt
RecordType: dsRecTypeNative:groups

RT’s primary maintenance and documentation site is http://www.bestpractical.com. Documentation can be found at the Best Practical Solutions RT Wiki located at http://wiki.bestpractical.com/. The latest TAR/GZ is located at http://download.bestpractical.com/pub/rt/release/rt.tar.gz. The lack of any version numbers means the version can be updated at any time. The latest version, as of this writing, is 3.8.0.

The following are the steps for downloading and configuring RT:

 root# cd /usr/local/src
 /usr/local/src root# wget http://download.bestpractical.com/pub/rt/release/rt.tar.gz
 /usr/local/src root# tar xzf rt.tar.gz
 /usr/local/src root# cd rt-3.8.0
 /usr/local/src/rt-3.6.5 root# ./configure \
  --with-web-user="httpd" \
  --with-web-group="httpd" \
  --with-rt-user="httpd" \
  --with-rt-group="rt"

4. Install Apache::TEST

Perl module Apache::TEST will not allow you to run the test check as root. You can download the module separately as a non root user and after configuring, compiling, and testing the program, you install it as root.

 root# su - goofy
 ~$ cd src
 ~/src goofy$ wget http://search.cpan.org/CPAN/authors/id/P/PH/PHRED/Apache-Test-1.30.tar.gz
 ~/src goofy$ tar xzf Apache-Test-1.30.tar.gz
 ~/src goofy$ cd Apache-Test-1.30
 ~/src goofy$ perl Makefile.PL
 ~/src goofy$ make
 ~/src goofy$ make test
 ~/src goofy$ sudo su root
 root# make instal

5. Run fixdeps Command and Install Perl Modules

Now you are ready to utilize the fixedeps utility that comes with RT to install required Perl modules. There is also the testdeps utility to test if all dependencies are installed and RT is ready to be installed. You may need to run fixdeps multiple times before testdeps reports that you have all required software packages. The first time through, it can take awhile (depending on your installation). Be aware that some perl modules may need to be installed manually. It various depending on OS and your environment. You will be able to tell which modules need manual installation by the final message provided by the fixdeps program.

 root# cd /usr/local/src/rt-3.8.0
 /usr/local/src/rt-3.8.0 root# make fixdeps
 /usr/local/src/rt-3.8.0 root# make fixdeps
 /usr/local/src/rt-3.8.0 root# make testdeps

6. Install RT

The final installation of RT is the easy part.

 /usr/local/src/rt-3.8.0 root# make install

7. Configure RT_SiteConfig.pm

We now will configure /opt/rt3/etc/RT_SiteConfig.pm. In the next step a database user and a database will be setup. We are only adding those values to the configuration file in this step. I am going to set up a hostname (rt.securitymonks.com) for my current machine. Please do not copy blindly. Change this to your environment. We will create the hostname so it only exists locally by adding an entry into the machines /etc/hosts file. Right now, I am only going to access the Apache server from this machine. In other words, the client and server will be on the same box.

 /usr/local/src/rt-3.8.0 root# vi /etc/hosts

Add the following line, adapting it to your organization:

 /usr/local/src/rt-3.8.0 root# vi /etc/hosts
##
127.0.0.1       localhost
10.1.218.202   rt.securitymonks.com

We are now ready to modify the RT_SiteConfig.pm file.

 /usr/local/src/rt-3.8.0 root# vi /opt/rt3/etc/RT_SiteConfig.pm

At minimum, add the following linesto /opt/rt3/etc/RT_SiteConfig.pm:

Set($rtname, 'BRORT');
Set($Organization, 'securitymonks');

Set($CorrespondAddress , 'john@securitymonks.com');
Set($CommentAddress , 'john@securitymonks.com');

Set($Timezone , 'US/Eastern'); # obviously choose what suits you

# THE DATABASE:

Set($DatabaseType, 'mysql'); # e.g. Pg or mysql

# These are the settings we used above when creating the RT database,
# you MUST set these to what you chose in the section above.

Set($DatabaseUser , 'rtuser');
Set($DatabasePassword , 'secret');
Set($DatabaseName , 'rtdb');

# THE WEBSERVER:

Set($WebPath , '');
Set($WebBaseURL , 'https://rt.securitymonks.com');

# Logging
Set($LogToSyslog, '');
Set($LogToFile, 'debug');
Set($LogDir, '/opt/rt3/var/log');
Set($LogToFileNamed, "rt.log");

8. Initialize the Database

RT needs to create the rtdb database, the rt db users, and initialize some tables. This can be done with the command initialize-database, which should be run only once.

 /usr/local/src/rt-3.8.0 root# make initialize-database
 /usr/local/bin/perl sbin/rt-setup-database --action init --dba root --prompt-for-dba-password
In order to create or update your RT database, this script needs to connect to your mysql
instance on localhost as root.  Please specify that user's database password below. If the
user has no database

password, just press return.

Password:
Working with:
Type:   mysql
Host:   localhost
Name:   rtdb
User:   rtuser
DBA:    root
Now creating a mysql database rtdb for RT.
Done.
Now populating database schema.
Done.
Now inserting database ACLs
Granting access to rtuser@'localhost' on rtdb.
Done.
Now inserting RT core system objects
Done.
Now inserting data
Done inserting data
Done.

Check the MySQL database out.

 /usr/local/src/rt-3.8.0 root# mysql -u rtuser -p
mysql> use rtdb;

9. Modify Apache Configuration File

Edit the /usr/local/apache/conf/httpd.conf file.

 /usr/local/src/rt-3.8.0 root# /usr/local/apache/bin/apachectl stop
 /usr/local/src/rt-3.8.0 root# vi /usr/local/apache/conf/httpd.conf

We are going to have the RT server run under our secure web server. Find the “<virtualhost _default_:443>” line, change it to “<virtualhost 10.1.218.202:443>“. Add the following lines to that section (adjusting to your environment):

   ServerName rt.securitymonks.com
   DocumentRoot /opt/rt3/share/html
   ErrorLog /usr/local/apache/logs/rt.error
   LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
   CustomLog /usr/local/apache/logs/rt.access_log combined
   AddHandler fastcgi-script fcgi
   ScriptAlias / /opt/rt3/bin/mason_handler.fcgi/

Add the user the Apache server runs as (httpd by default), to the RT group. For non Mac OS X, modify group membership by editing the file /etc/group (vi /etc/group). Mac OS X users need to user the dscl command.

 root# dscl . append /groups/rt GroupMembership httpd
 root# dscl . read /groups/rt

Change the group and permission on the log area if you have told RT to log to /opt/rt3/var/log.

 root# chgrp rt /opt/rt3/var/log
 root# chmod g+w /opt/rt3/var/log

Test the configuration of the file, and if everything checks out start up Apache.

 /usr/local/src/rt-3.8.0 root# /usr/local/apache/bin/apachectl configtest
Syntax OK
 /usr/local/src/rt-3.8.0 root# /usr/local/apache/bin/apachectl start

Remember there are now three files to check for problems with RT.

• /opt/rt3/var/log/rt.log
• /usr/local/apache/logs/rt.error
• /usr/local/apache/logs/rt.access_log

There are many configuration operations. The options chosen in this post represents only the minimal to get RT running. Please see the RT Wiki’s FastCGIConfiguration page for additional information.

10. Access RT and Change the Default Password

Now it is time to log in and change the default password. Using the entry we made in our /etc/hosts file, we can now access the site by going to https://rt.securitymonks.com. This URL should be different for your site. You will see a login screen similar to the image on the left.

Log in using the username “root” and password “password“. Once logged in, you will see the screen similar to the image below (click on the image if you need to enlarge):

Over on the left menu bar, select “Configuration.” That will bring you to the “RT Administration” screen:

Select, “Users.” That will bring you to the “Select a user” screen:

Select the user “root,” which will bring you to the “Modify the user root” screen. If you look at the lower left of the screen, there is a “Access Control area.” There is a place to enter “New Password.” Do so. The screen looks like:

Make sure to hit the “Save Changes” button at the bottom of the screen. With a working copy of RT, you are not ready to start adjusting configurations and working with the program. For additional information, Please check out the “RT Essentials” and the RT Wiki and the Best Practical Solutions blog site. Look for future posts to build upon the RT installation and database.

I wanted to write some notes on the installation of Request Tracker (RT); one man’s experience. So everything does not happen at once, I am splitting the posting between need to know links before starting and step-by-step installation instructions.

Let me start off by address what is RT? RT is an enterprise-grade ticketing system which allows for the checking of the status of various tasks. This includes when the tasks were requested, who requested the tasks and why, when the tasks were completed, prioritizing, assigning, notification, etc. RT is an open source ticketing system enabling a group of people to manage tasks, issues, and requests submitted by a community of users. RT has interfaces for command-line, e-mail, IRC and the Web. RT audits all of its operations in a database, making it portable and expandable should the project management tasks grow beyond the capacity of the initial installation machine. Being an issue tracking system at the core, RT is a flexible tool capable of performing tasks unrelated to project management. It can be used as a public task list, an administrative task manager and journal, or a help desk tool (many companies use RT just for help desk issues).

Best Practical has two additional open source packages that may be of interest for integration with RT:

• The RT FAQ Manager (RTFM) is a knowledge management tool that enables an organization to easily capture and share its employees’ knowledge and wisdom. Where RT tracks issues, RTFM tracks articles.
• RT for Incident Response (RTIR) is the premiere open-source incident-handling system, designed with the needs of CERT teams and incident-response teams in mind. It makes IR tasks easier and lets you solve your problems more efficiently.

Sources

There were a few sources very helpful with the installation process. First, the book, “RT Essentials” by Dave Rolsky; Darren Chamberlain; Richard Foley; Jesse Vincent; Robert Spier. There is also the RT Installation Guides available from the Best Practical Solution website. The Wiki will provide up-to-date installation instructions for the various operating systems. Finally the article “Zen and the art of installing Request Tracker 2.0.x” by Jesse Tilly. Unfortunately you do have to register to get the guide and it is a little dated. Still, Jesse manages to make the installation of RT interesting. Plus, any article with “Zen” in the title always requires a look.

Requirements and Resources

Below are a few publicly accessible resources, courtesy of Jesse Tilly. Any mistakes are on me, since I am editing, updating, and combing information:

• RT: RT’s latest release is available at http://www.bestpractical.com/rt/download.html.
  • RT’s Wiki. http://wiki.bestpractical.com/view/HomePage
  • RT-devel mailing list (good place to check on in-progress features and fixes, especially to check on WinRT). http://lists.bestpractical.com/pipermail/rt-devel/
  • RT-user mailing list (good for help with special installation instructions and user issues). http://lists.bestpractical.com/pipermail/rt-users/

• Perl, Perl Modules and CPAN: RT is intrinsically tied to the Perl platform, so it could help your understanding of RT to understand Perl a bit better. For RT 3.0.0 and greater you need Perl 5.8.3 or newer.
  • Perl’s home (which uses RT for issue tracking). http://www.perl.org/
  • The Comprehensive Perl Archive Network (CPAN) is a core part of Perl programming. A tool is included with RT which takes care of the installation of most of the Perl modules automatically. The tool supplied with RT uses Perl’s CPAN system to install modules.
  • A good introduction on modules, found at the CPAN site. http://cpan.org/modules/00modlist.long.html#Introduction

• Web Server: Apache sits at the core of many Web-driven applications. With regards to RT, Apache’s primary application is its Perl modules, giving RT a Web-based front end. You can chhose to user another webserver, but it must have FastCGI support.
  • Apache’s home. http://www.apache.org
  • mod_perl’s home. http://perl.apache.org/ The mod_perl project has two major stable releases: mod_perl 1.x and mod_perl 2.x.
    • mod_perl 1.x is supported release, but this mean you must use Apache 1.3.x, because mod_perl 1.x works only with Apache 1.3.x. mod_perl 1.x must be built with EVERYTHING=1 option (most distribution packages have this option on). For an excerpt, see ManualApache.
    • RT development team does not recommend using development 1.9x versions, because of development status. Also mod_perl 2.x was released and it’s stable branch of the 1.9x development versions, so you wouldn’t get much support from mod_perl users and developers if you use mod_perl 1.9x. RT-3.4.4 and greater doesn’t work with development 1.9x releases.
    • mod_perl 2.0 has been released with major API-changes in mod_perl 2.0-RC3 which lead to incompatibities that also affect RT, see this mailing-list message. So RT-3.4.3 or any prior versions is totally unsupported on mod_perl 2.x.
    • mod_perl 2.x has been marked as supported in RT 3.4.4. There is no mentioning of incomplete support in any way. See this mailing list message. If you experience issues getting mod_perl 2.x+apache 2.x up and running, consider using apache 1.3.x + mod_perl 1.x or FastCGI instead.

• Database backend: RT stores data in a database. Generally, the locations I have worked at use MySQL, though there is interest in evaluating PostgreSQL.
  • MySQL 4.0.18 or later with support for InnoDB.
  • PostgreSQL 7.4 or later.

• Sendmail and sendmail configuration and administration: The key here is to realize that RT uses mail aliases on its host’s configured mail server to route commands through e-mail. As long as your MTA supports these type of aliases, you are fine.

  • sendmail’s home. http://www.sendmail.org

• Configuration management: These articles, books and tools can help you build your own CM process.
  • “Software Release Methodology” by Michael E. Bays, ISBN: 0136365647
  • “Automating the Build Process” by Aspi Havewala, Dr. Dobb’s Journal, issue: August 2000
  • CVS, Revision Control System http://cvshome.org
  • Aegis Configuration Management Tool (like cvs) http://aegis.sourceforge.net/
  • Subversion, yet another CVS replacement http://subversion.tigris.org/
  • Scarab, an issue tracking system, like RT (it is useful to compare) http://scarab.tigris.org/
  • GNU Make, the build engine of the open source world http://www.gnu.org/software/make/make.html
  • Jakarta Ant, the build engine of the Java open source world http://jakarta.apache.org/ant
  • Add more automation to your project with the code generation tool, Swang (http://swang.sourceforge.net).

I am going to end here and leave the installation instruction for a follow up post. Installation under FreeBSD is fairly straight forward. I ran into a snag with the installation under Mac OS X. Under Mac OS X, when you try to configure mod_perl 2.0.3, it will complain about Perl 5.8.8 being built without threads and tell you to build Perl with -Duserthreads. One solution is dropping back to Apache 1.3.x and mod_perl 1.x. While Apache 1.3.x is legacy code, and I tend to want to use the code that is being actively developed, there is an argument for using Apache 1.3.x. A major feature of Apache 2.x is threading. On Windows, where most basic libraries are and must be threadsafe, Apache 2 is really the only choice. Earlier Mac OS X releases did not include a completely thread-safe libc, so threading is still not fully supported in Perl. This is why the Perl version that comes with Mac OS X is not compiled to use threads. Before posting the second half of this blog, I want to split the post between installation instructions for FreeBSD and Mac OS X. I also plan on revisiting the installation of RT under Mac OS X. In case the above explanation and links can be of assistance to anyone interested in installing Request Tracker, I wanted to publish the first half of this posting. Good luck.