**Request Tracker (RT) Installation and Configuration** Network Management & Monitoring # Notes * Commands preceded with `$` imply that you should execute the command as a general user - not as root. * Commands preceded with `#` imply that you should be working as the root user. * Commands with more specific command lines (e.g. `RTR-GW>` or `mysql>`) imply that you are executing commands on remote equipment, or within another program. * If a command line ends with `\` this indicates that the command continues on the next line and you should treat this as a single line. # Exercises ## Exercise 0 Log in to your virtual machine as the sysadm user. ## Exercise 1 Install the necessary packages for RT. You should have mysql-server already, but we do the install just in case. This won't cause problems. Copy the "sudo apt-get install" line below, minus the "$" and paste this in to your terminal session on your virtual machine. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ sudo apt-get install rt4-apache2 rt4-clients rt4-db-mysql request-tracker4 \ libapache2-mod-fastcgi libfcgi-perl mutt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Respond "Yes" when prompted if you wish to install the packages. You will now be presented with several windows. Read the follwing instructions to see how to respond: **Name for this Request Tracker (RT) instance:** Remove what is shown and replace with "netmgmt", then select `` and press `ENTER` to continue. ![RT installation name](images/01-configure-rt-name.png) **Handle RT_SiteConfig.pm permissions?** * Select `` and press ENTER to continue. **Configure database for request-tracker4 with dbconfig-common?** * Select `` and press ENTER to continue. ![DB configuration](images/02-configure-rt-db.png) **Password of the database's administrative user:** Enter the MySQL **`root`** or **`admin`** password. This was set earlier in the workshop (probably when you installed Cacti). If you do not remember what this is, or if it's not written at the front of the classroom, ask an instructor for help. ![DB admin password](images/03-configure-rt-db2.png) **MySQL application password for request-tracker4:** You may enter any password you wish. This will be used by Request Tracker to connect to MySQL. You generally do not need to remember this password. Pick something that cannot be guessed easily (i.e., don't use `rt`, `requesttracker`, `1234`, etc...). ![DB application password](images/04-configure-rt-db-pwd.png) **Password confirmation:** * Enter the same password that you created in the previous step. ![DB application password](images/05-configure-rt-pwd2.png) **Initial root password for RT system:** * Use the same password as we used for the MySQL database administrative user. ![Initial root password](images/06-configure-rt-db-pwd3.png) Now you will see quite a bit of information go across your screen as the Request Tracker installation process completes - It's a big package. ## Exercise 3 At this point you have installed Request Tracker version 4. In order to access RT via the Apache web server you need to make a few small changes. First let's update the Requestion Tracker (RT) configuration to improve the "From:" field format that will be used when RT sends out emails to users. In addition we will restrict attachment sizes and we will add our RT server to a whitelist to avoid cross site forgery error messages for legitimate RT usage. Request Tracker maintains configuration files in the directory: /etc/request-tracker4/RT_SiteConfig.d We will go to this directory, create a new configuration file called 90-local and regenerate the RT RT_SiteConfig.pm file using the update-rt-siteconfig command: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ cd /etc/request-tracker4/RT_SiteConfig.d $ sudo editor 90-local ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Add the following two lines to the file 90-local: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Set($MaxAttachmentSize , 10000000); Set(@ReferrerWhitelist, qw(x.x.x.x:80 SERVNAME:80)); ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In the ReferrerWhitelist entry x.x.x.x. is the IP address of your PC and SERVNAME is the name of your PC. That is, if you are on pc1.ws.nsrc.org you would enter: ~~~ Set(@ReferrerWhitelist, qw(10.10.1.1:80 pc1.ws.nsrc.org:80)); ~~~ Be sure to use the correct IP address and name for your PC, then save the file and execute the command: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ sudo update-rt-siteconfig ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Now we have one more change to the Apache web server configuration to make: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ cd /etc/apache2/conf-available $ sudo ln -s /etc/request-tracker4/apache2-modperl2.conf rt4.conf $ sudo a2enconf rt4 $ sudo service apache2 restart ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ The last step could take up to 30 seconds, so be patient! RT should now be up and running! ## Exercise 3 Log in to RT as the root User If you go to you will see the RT login screen: ![Login screen](images/08-rt-login.png) Enter the following information to log in as **`root`** on RT: **Username:** `root` **Password:** [SELECTED AT INSTALL] ## Exercise 4 **RT Configuration: Create a User** Now that you are logged in we will create a new user for the rest of these exercises. The user you will create is "sysadm". On the top of the screen choose Tools => Configuration => Users and then click on the **Create** item in the menu. ![Create User](images/09-rt-user-create.png) You will now be presented with the following dialogue. Fill in the fields, and make sure the checkbox **`Let this user be granted rights`** is checked. Set your email to `sysadm@`**`pcX`**`.ws.nsrc.org` (X = your PC) ![User creation form](images/10-rt-user-create2.png) Use the same password for **`sysadm`** as you are using in class. Be sure you check **`Let this user be granted rights`**. Once done, scroll down the page and click on the **Create** button (bottom right). You should see this: ![User created](images/11-user-create3.png) ## Exercise 5 **RT Configuration: Create a Group** * At the top, choose the menu item **Tools** => **Configuration** => **Group** => **Create** ![Create group](images/12-group-create.png) * Fill in the name: `netmgmt`, and add a description, then click on **Create** ![Create group form](images/13-group-create2.png) * You should see the following result: ![Group created](images/14-group-create3.png) * Click on Members (top menu) ![Group members](images/15-group-member.png) * In the **`Add members`** field (right), type in the name of the user you created in step 3. This is the **`sysadm`** user. Then click on **Modify Members** (bottom right): ![Add member](images/16-group-member2.png) * You should see this: ![Member added](images/17-group-member3.png) ## Exercise 6 **RT Configuration: Create a New Queue** * At the top, choose the menu item **Tools** => **Configuration** => **Queue** => **Create** ![Create queue](images/18-queue-create.png) * Fill in the fields. Let's use the following values and then click on **Create**: **Queue Name:** `net` **Description:** `Network Problems` **Subject Tag:** `RT: NET` **Reply Address:** `net@pcX.ws.nsrc.org` **Comment Address:** `net-comment@pcX.ws.nsrc.org` ![Queue create form](images/19-queue-create2.png) **Note:** Remember to replace pcX with the correct number of your machine You should see this: ![Queue created](images/20-queue-create3.png) ## Exercise 7 **RT Configuration: Give Rights to our Group on the Queue** From the top menu, select **Tools** => **Configuration** => **Queue** => **Select** You should see: ![Enabled Queues](images/21-queues.png) * Select **`net`** (click on it) then choose **`Group Rights`** (top right) ![Group rights](images/22-queue-group-rights.png) The following page should look like this: ![Group rights overview](images/23-queue-group-rights2.png) Note the three categories: **General rights**, **Rights for Staff**, **Rights for Administrators** Here, we want to give **Everyone** (including people who are not yet known to RT) some privileges, but only the minimum required. These are found under **General Rights**, and are the following: * **Create tickets** **`(CreateTicket)`** * **Reply to tickets** **`(ReplyToTicket)`** * **View queue** **`(SeeQueue)`** * **View ticket summaries** **`(ShowTicket)`** So start by selecting these 4 privileges by checking the 4 boxes in your browser. Notice that **Everyone** on the left is already highlighted. ![Modify group rights](images/24-queue-group-rights3.png) Now, click **Save Changes** (bottom right) to make sure the changes are applied. ![Saved rights](images/25-queue-group-rights4.png) Staying on the same page, we're going to now give the **netmgmt** Group all rights... To do this, first type in the name of the group in the **ADD GROUP** field in the lower left: ![Add rights to group](images/26-queue-group-rights5.png) Now check **ALL** the boxes in **General Rights**, **Rights for Staff**, **Rights for Administrators**. ![All rights selected](images/27-queue-group-rights6.png) Once this is done, press the **Save Changes** button on the bottom right of the page. You should see: This is after having selected items. Remember to press **Modify Group Rights** after selecting the new rights. Once you press the **Modify Group Rights** button you will see a bunch of this: ![Rights granted](images/28-queue-group-rights7.png) ## Exercise 8 **RT Configuration: Log in as sysadm** Log out of RT (top menu, select the item **Logged in as root** => **Logout**) ![Logging out](images/29-logout.png) Now log back in as the **`sysadm`** user you have created: ![Logging in as `sysadm`](images/30-login-newuser.png) You should see the following: ![Main page view for `sysadm`](images/31-rt-at-a-glance.png) At this point RT has been properly configured for initial operation. Now we must configure email properly to talk with our new `net` queue in RT. ## Exercise 9 **RT Configuration: Email** RT will work with the MTA (Mail Transfer Agent) of your choice. In our case we are using Postfix configured to run as an MTA for an <<**Internet Site**>> - that is, to deliver email locally and remotely using SMTP. Edit the file /etc/aliases ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ sudo editor /etc/aliases ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Add the following two lines at the end of the file (copy and paste!): ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ net-comment: "|/usr/bin/rt-mailgate --queue net \ --action comment --url http://localhost/rt/" net: "|/usr/bin/rt-mailgate --queue net \ --action correspond --url http://localhost/rt/" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Save the file and exit. Some editors might cause the above-lines to become multiple lines. Be sure that you only have two new lines in your `/etc/aliases` file after copying and pasting in the text above. Now run the command: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ sudo newaliases ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ## Exercise 10 **RT Configuration: Create an Email and Tickets** Let's create an email and send it to the RT **`net`** queue. Do this as the `sysadm` user (not as `root`!): If you are currently `root`: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # su - sysadm $ echo "Problem with my router" | mail -s "Router problem" net@pcX.ws.nsrc.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Remember to replace pcX with the correct name of your server. Now check that you have received email: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ mutt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ You should see an email from Request Tracker acknowledging that your ticket has been created. The mail should say something similar to this: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Date: Fri, 9 Nov 2012 00:29:27 +0000 From: Network Problems via RT To: sysadm@pcX.ws.nsrc.org Subject: [Request Tracker: NET #1] AutoReply: Router problem Greetings, This message has been automatically generated in response to the creation of a trouble ticket regarding: "Router problem", a summary of which appears below. There is no need to reply to this message right now. Your ticket has been assigned an ID of [Request Tracker: NET #1]. Please include the string: [Request Tracker: NET #1] in the subject line of all future correspondence about this issue. To do so, you may reply to this message. Thank you, net@pcX.ws.nsrc.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ If, for some reason, you do not see mail try taking these steps, and then send the mail again: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ sudo touch /var/mail/sysadm $ sudo chown sysadm:mail /var/mail/sysadm ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ## Exercise 11 **RT Configuration: View, Reply, Resolve, Reopen Tickets in Request Tracker** Go back to your web browser where you are logged in to RT as the sysadm user and click on the **Home** menu item (top left). You should then be presented with an updated view with the current ticket: ![Main page - ticket overview](images/32-view-ticket.png) Now, click on the ticket subject. You will see many pieces of information about the ticket. Scroll to the bottom of the page. Here you can **Reply** to the ticket: ![Display ticket](images/33-view-ticket2.png) Go ahead and type in a reply, set the **Status** of the ticket to **Resolved** (upper-right drop-down menu), and then click on **Update Ticket** (bottom-right): ![Replying to ticket](images/34-reply-ticket.png) **You should see this:** ![Reply sent](images/35-reply-ticket2.png) The ticket is currently Resolved but you can reopen the ticket via the RT web interface at any time, or if the original ticket creator (**`sysadm`** in this case) replies to the resolution email RT sent, then the ticket will be reopened. View the history at the bottom of the page to see that the ticket is currently resolved: ![View history](images/36-ticket-status-change.png) If you went back to your terminal session as the sysadm user and typed: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ $ mutt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ and responded to the email generated from Request Tracker, then your ticket status will change. You can see this by reloading the RT web page for the ticket and viewing the history at the bottom of the page: **Using Mutt to Reply to an Email** * After typing **`mutt`**, select the message you want to respond to using the arrow keys * Press the <<**r*>> key for <<**r*>>eply. * At the bottom of the page you will see, `To: System Admin via RT ` - Press ENTER to continue * Next you'll see a suggested <> line. Press ENTER to choose what is shown. * When you see, `Include message in reply? ([yes]/no):` press ENTER to include the message. * Now you will be placed in an editor - possibly `vi`. Type in your response. We suggest to answer below the original message. * Save and exit from the text editor (`:wq` in `vi`). * The next screen to appear looks complicated but simply press the `y` key to send the message. * That's it. You are done. You can press `q` to exit Mutt at this point if you wish. ![Ticket history showing reply](images/37-ticket-status-change2.png) You now have a functioning RT instance with email integration! You can experiment a bit. Now, this is not a very realistic setup, since you are communication with yourself! But in fact, other users in the classroom can send you email: * Make sure they have configured their mail software (`sudo apt-get install postfix` then accept the defaults) * Have the users send a mail to you, for example: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ echo "Where is my cat ?" | mail -s "Missing cat" net@pcX.ws.nsrc.org ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ * This should automatically create tickets in the **`net`** queue on your pc "pcX" - verify that you do receive the tickets! ## Adding Watchers to a Queue We are still missing an important feature: it's not practical to have to log into RT to check if tickets have arrived. It would be much more convenient if we received an email every time a problem request had been submitted, no? * To do these exercises you need to log out as the sysadm user and log back back in to Request Tracker as the root user. ![Logout as sysadm](images/37b-1-logout-as-sysadm.png) * Now log back in as root: ![Log in as root](images/37b-2-login-as-root.png) Now to receive an email every time a request is submitted we're going to modify the Queue settings for **`net`**: * From the top menu, select **Tools** => **Configuration** => **Queue** => **Select** ![Select queue](images/38-queue-modify-watchers.png) From the **Queue** page, select the **`net`** queue by clicking on its name, and you select the **Watchers** menu option at the top: ![Queue watchers](images/39-queue-modify1-watchers.png) You should now see this: ![Modify queue watchers](images/40-queue-modify2-watchers.png) Under **New watchers**, enter the group name **netmgmt** in the field: <>, as such: ![New watchers](images/41-queue-modify3-watchers.png) And click on **Go!** RT will search for all groups matching **netmgmt**. Of course there is only one right now, which we created earlier. RT finds it and displays the following: ![Matched groups](images/42-queue-modify4-watchers.png) Notice how we select **`AdminCc`** from the pull down memu **Groups** next to **netmgmt**. Do this and click on **Save Changes** at the bottom right. The result should look like this: ![Watchers modified](images/43-queue-modify5-watchers.png) What does it mean ? Well, ask another user to send you a mail, like before, but this time you should receive a mail from RT with the ticket notification - run `mutt` as `sysadm`. A bit later we will extend the use of RT by integrating it with other Network Monitoring software using the rt-mailgate facility that we have already configured in the `/etc/aliases` file. ## Exercise 12 **Finding a ticket once it's closed.** After a ticket has been resolved or closed may notice that it disappears from your Queue. Actually finding a closed ticket requires a few steps. First, click on **Tickets** => **New Search** on the top menu in RT: ![Search tickets](images/44-search.png) and you will see a screen like this: ![Ticket search form](images/45-search2.png) If you are going to search for items in a queue and there are already items in the <<**Current search**>> box, then you should delete the items from the <<**Current search**>> box first. Next in the <<**Add Criteria**>> box in the <<**Queue**>>" choice select the <<**net**>> queue from the drop-down menu (see below): ![Adding search terms](images/46-search3.png) Click on <<**Add these terms**>> or <<**Add these terms and Search**>> - If you just do <<**Add these terms**>> then go to the bottom of the page and click on <<**Update format and Search**>> - RT will keep the search terms until you delete them at a later time. ![Execute search](images/47-search4.png) And the results of your search will look something like this and you will be able to view tickets that have been closed, resolved, etc. Clearly there will be more tickets in the results over time: ![Search results](images/48-search5.png)