• Introduction
• Installation Guide
  • Requirements
    • Perl
    • Perl Modules
    • Database backend
    • Perl enabled webserver
      • Building Apache with mod_perl
  • Unpack
  • Configure the Makefile
  • Check Dependencies
  • Installation
    • make install
    • Upgrading within 2.0.x
    • Upgrading from 1.0.x
  • Post-installation Configuration
    • Edit etc/config.pm
    • Configure the web interface
      • Apache with mod_perl
        • Apache, mod_perl and Mac OSX
        • Using mod_proxy
        • Can I run without Apache::DBI?
      • Apache with multiple RT instances
      • Apache with fastcgi
      • Apache with speedycgi
      • mini_httpd with fcgi
    • Users and Queues and Scrips, Oh my! (A configuration tutorial)
      • Create your users
      • Create your queues
      • Grant your users the rights they need.
      • Set up Scrips
      • Set up queue watchers
      • Set up keywords
    • Configure the Email Gateway
      • Which server should deliver RT mail?
      • Sendmail
      • Qmail
      • Exim
      • scary exim hack
      • scary qmail hack
      • shorter scary qmail hack
      • Ensuring that RT-generated mail gets delivered
  • Appendix
    • Installing RT on Debian Linux
    • Full install notes for Debian
    • Full install notes for RedHat 7.2
    • Installation notes for Solaris
• Administration Guide
  • Concepts
    • Terminology
      • Ticket
      • Links
      • Requestor
      • Status
      • Users
        • Attributes
        • Privileged Users
        • Nonprivileged Users
      • Queue
      • Groups
        • Normal Groups
        • Pseudogroups
      • Watchers
        • Types of Watchers
          • Requestors
          • Ccs
          • AdminCc
        • Watcher Scopes
          • Queue
          • Ticket
      • Keywords
    • Access Control (ACLs)
      • Description of Rights
    • Scrips
      • Conditions
      • Actions
      • Templates
    • Relationships
  • Backup and Restoration
  • Email
  • Administrative Procedures
    • Creating a user
      • with the CLI
      • with the web interface
    • Creating a queue
    • Granting users rights to access a queue
    • Using scrips to notify users of changes to tickets in a queue
  • Keywords
    • Creating a Set of Keywords
    • Adding a keyword selection to a queue
    • Sample Keyword Tree for IT Support
  • Performance Tuning
    • Database Optimisation
      • Postgresql
      • MySQL
    • Operating System and Environment
    • Hardware aspects
  • Extending and Customizing RT
    • Scrip Actions
    • Scrip Conditions
    • Plugging in your own user metadata
    • Plugging in your own authentication system
    • Other Languages
  • Tool Reference
    • Email Gateway
• User Guide
  • Commandline Interface
    • Introduction
    • Usage
    • Syntax
  • Web Interface
    • Searching
      • Why don't 'Dead' tickets show up?
    • Start Page
    • Navigation Bar
    • The Workspace
  • Using RT Effectively
    • Using Priority
• FAQ
  • Installation
    • Large messages and attachments don't appear in the ticket history.
    • Local customisation: Why don't images work?
    • Statistics 1: How do I install the Cozens Statistics Package?
    • My RT version is reported as "!!RT_VERSION!!" !
    • Error message: "553 5.1.3 'AdminCc of fooTicket #123':;... List:; syntax illegal for recipient addresses"
    • Couldn't write to session directory '/usr/local/rt2/WebRT/sessiondata'
    • Error message: "Bizarre copy of HASH in aassign"
    • fastcgi sends images as text/html
    • Error message: Can't locate object method "new" via package "RT::Handle"
    • Error: "Substitution replacement not terminated at -e line 1"
    • Error message: Can't call method "handle_request"....
    • My changes to config.pm don't seem to take effect. Why?
    • Error: Can't write to rt2/log/foo: permission denied
    • Why isn't Apache::DBI checked in 'make testdeps'?
    • Will RT run with my particular mailserver/database/webserver/OS?
    • Why is CPAN making me upgrade to perl 5.6.1?
    • Perl can't do setuid. What do I do?
      • Why does suidperl keep losing it's setuid bit on freebsd?
      • Why doesn't this work on Slackware?
    • Error message: 'Possible unintended interpolation of @inflow in string at rt2/etc/config.pm'
  • Apache
    • Starting apache produces error message about TIEHASH
    • Error: Variable "$m" is not imported at /var/web/rt/bin/webmux.pl line 94.
      • Providing a lower HTML::Mason version specifically for RT
    • Should I use PerlFreshRestart?
    • Why do I get segmentation faults with Apache?
    • http://example.com/rt2 gives me a 'Error 404 - Page not found' message.
  • Administration
    • Are there any default templates with RT2?
    • What is the purpose of keywords?
    • Why can't users change their password?
    • Is there a default password for auto-created users to view their ticket?
    • How do I delete users and groups
    • Why aren't emails being sent to watchers?
    • Can I send emailed reminders to ticket owners?
    • Email
      • What's that Sender: header, and how do I make it go away?
        • exim and sender
        • sendmail and sender
        • postfix and sender
        • qmail and sender
      • Sendmail won't let me run rt-mailgate
    • Why is RT so slow?
    • Why are there two Mason Component directories?
    • Why is the owner of a new ticket nobody and not the requestor?
    • How do I delete and re-create my RT database?
    • How can I start numbering tickets at a particular number?
      • MySQL
      • PostgreSQL
    • What variables can I use in templates?
  • UI
    • How do I list the due date in the home page or queue listing?
  • End users
    • Why don't I receive an email when other watchers do?
    • Why doesn't the requestor receive my comments?
    • Can an unpriviledged user comment on/reply to the tickets he's requestor for?
    • Can I change ticket status/attributes via email?
    • What format do I use for date and time values?
    • My browser doesn't work with RT2
      • Opera and RT2
      • Mozilla 0.9.7 and RT2
    • How do I send Attachments back to requestors (or to queue watchers) ?
  • Mailing Lists for RT
  • Who wrote these docs? They rock/suck.

Introduction

Request Tracker is a trouble ticketing system. It lets a group of people intelligently and efficiently manage requests from a community of users. RT is used by systems administrators, customer support teams, network operation centres, developers and even marketing departments.

If you know about the Quantum or Clarify helpdesk products, then you will understand what RT is all about. RT implements most of what these sorts of very expensive commercial products do and has quite a few features that they can't get close to matching.

The basic model works something like this:

• A user makes a request via email or a web interface
• RT emails the user an automatic reply containing an electronic ticket stub for reference in further correspondence
• RT creates a new ticket in a queue containing the user's request. The ticket is now visible via the web interface to queue members, who are generally experts of some kind who can answer the request
• If configured to do so, RT also emails the contents of the request to a list of queue members who have opted for such notification, or other people for whom the queue administrators have added an email address
• A queue member takes ownership of a request (normally via the web interface) and drafts a reply to the user, which RT records and forwards to the user
• The queue member resolves the ticket and moves onto the next new ticket

RT can be configured to suit specific site requirements, but the basic concepts and usage remains the same

Installation Guide

Requirements

Perl

Perl5.005_03 or later with support for setgid perl scripts [http://www.perl.com/]. setuid or setgid scripts under Unix can be dangerous, but perl is something of a special case. Perl tries very hard to minimise the risks. So does RT. If you want to know more about this area of Unix security, search the web using terms like "Unix setuid perl race condition".

RT's command line and mail gateway tools run setgid to the 'rt' group to protect RT's database password. The program that will be installed is "suidperl", but your operating system may not install it with the standard perl because it is a potential security risk. Some operating systems provide it in a separate package. If you are installing or compiling perl yourself from sources you may need to reconfigure it to support "setuid scripts".

• Debian GNU/* 3.0+: the package which installs suidperl is called perl-suid, and should work without any tweaking.
• FreeBSD 4.2+: the package is called sperl, and should install a suidperl that just works
• Conectiva Linux 6.0+: suidperl is installed by default when perl is installed, but the program /bin/suidperl is not setuid. You must use chmod to make it setuid.



Perl Modules


RT also relies on over 30 perl modules having been installed. A tool is included with RT to automate the installation of these, and is detailed below. Some operating systems package all or some of the modules required and you may be better off installing the modules this way. The tool supplied with RT uses the Perl CPAN system to install modules.


Database backend




RT requires one of the following database backends:

Mysql v3.23.38 or higher. [http://www.mysql.org/]
RT is primarily developed on Mysql. Because of this, it's likely to be the best tested database for RT.

PostgresSQL v7.1.1 or higher, but NOT 7.3.0 or higher[http://www.postgresql.org/]


Oracle [http://www.oracle.com/]
RT has been shown to work with Oracle 8 or 8i, but it may not work easily for you. There are a number of known issues with oracle support at present. You are advised to contact the developers directly.

Because the Perl::DBI package needs to talk with the database via a C calling interface you need to install the appropriate C header files for your database. Most (all?) Linux distributions have two packages, the database (eg mysql or postgresql) and the development libraries and header files (eg mysql-dev or postgresql-dev). Both need to be installed. If you are installing the database from pristine sources then you should have no problem because the header files must be present for compilation to work. If you are using some Unix with another other packaging scheme such as the FreeBSD ports collection then please contribute your experiences here.

To summarise the previous paragraph: unless the C header files for the database are present, the essential Perl::DBI module cannot be installed.

Don't forget to setup permissions for your database. For example, with Postgresql, maybe you need to edit the pg_hba (Host Based Access) file to allow connections from localhost using something less than encrypted passwords for convenience (if that is what you really want to do, which can be a very bad idea!).


Perl enabled webserver


While not strictly necessary for the CLI and mail gateway to function, a perl enabled webserver is required for the web user interface. The recommended option is to use the Apache webserver compiled statically with mod_perl.

Apache 1.3 [http://httpd.apache.org/]
mod_perl [http://perl.apache.org/]

Alternatively, the fast_cgi handler is known to work. [http://www.fastcgi.com].
Also, a handler for speedy_cgi may be developed in the future.

The Perl::Apache:Cookie module needs to interface to Apache via C header files in a similar way to the database routines. For most (all?) Linux distributions this means you have to install the apache-dev package as well as apache (and usually apache-perl too). If you are installing from pristine Apache sources then you should have no problem, because the header files are required for Apache to compile at all.


Building Apache with mod_perl




The mod_perl guide can be found at: [http://perl.apache.org/guide]

The following is an excerpt, which should work for most people. Download the source tarballs for apache and for mod_perl, and then:

% tar xzvf apache_x.x.x.tar.gz
% tar xzvf mod_perl-x.xx.tar.gz                                                 
% cd mod_perl-x.xx                                                              
% perl Makefile.PL APACHE_SRC=../apache_x.x.x/src USE_APACI=1  DO_HTTPD=1 EVERYTHING=1
% make && make test && make install                                            
% cd ../apache_x.x.x                                                           
% make install   

This builds Apache statically with mod_perl, installs Apache under the default /usr/local/apache tree and mod_perl into the site_perl hierarchy of your existing Perl installation. Do not omit the EVERYTHING=1 parameter.



Unpack


Unpack the distribution somewhere other than where you want to install RT. To do this cleanly:

% tar zxvf rt.tar.gz -C /tmp

another good place might be /usr/src, so you have a copy of the install files (and the ability to uninstall) somewhere more permanent than in /tmp, which on some Unixes is wiped by default each boot.


Configure the Makefile




Check through /tmp/rt/Makefile

There are many variables you NEED to customize for your site. Even if you are just upgrading, you must set ALL variables.

Here are the some of the more likely candidates to need changing:

RT_PATH - Where you want the installation to live.
/opt/rt2 is default, /usr/local/rt2 may be more to your taste.

RT_MAN_PATH - Where to install the man pages for RT.
You may wish to change to to /usr/share/man or /usr/local/man

RT_LOG_PATH - Where to write log files.
RT writes numerous log files based on PIDs, so you may want to make a directory just for rt such as /var/log/rt2

DB_TYPE - Which database backend to use.
Choices are:

• Pg for PostgreSQL;
• mysql for Mysql;
• Oracle for, well, Oracle.

DB_HOME - Where to find the executables and libraries for your database
$DB_HOME/bin should contain the binaries themselves - e.g. if

$ which mysql

gives "/usr/local/mysql/bin/mysql", $DB_HOME should be "/usr/local/mysql"

DB_DBA - A user who has permission to create new databases and database users.
This might be "root" for Mysql, "postgres" or "pgsql" for PostgreSQL, or "system" for Oracle. This is used during installation only.

DB_HOST - The host on which the database resides.
Leave this blank to connect via Unix domain sockets (PostgreSQL has been reported to work better this way.)

DB_RT_USER - A user who will actually use the database
If the username does not already exist, it will be created.

WEB_USER and WEB_GROUP - The user that your webserver runs as.

This should be something like www, or www-user, or nobody. It should *not* be root. Check your apache configuration file for the User directive.


Check Dependencies


Satisfy RT's myriad dependencies:
There's a perl script to automate this in rt/tool called testdeps.

% cd /tmp/rt
% make testdeps

This will check that all the perl modules which RT depends on are installed.Do not run testdeps except from the makefile as shown.

If there are unsatisfied dependencies, there are three choices. These are probably in order of increasing difficulty:

• installing the missing perl modules as part of your Unix's packages. For example, there might be a package called perl-dbi. See the Appendix at the end of this section for operating system-specific advice
• running

  % make fixdeps
  

• installing them by hand

  make fixdeps must be run as a user with write privilege to various bits of the Perl hierachy, usually root.

  Depending on how your operating system distributor has put together Perl, CPAN and all the other bits required, you may need to install Apache::Session and Apache::DBI by hand. Debian has no need for this. [any others?]

  Similarly, you might need to install Msql-Mysql-Modules by hand. Either use CPAN:

  % perl -MCPAN -e 'install DBD::mysql::Install'
  

  or alternatively, you should be able to find all the neccessary modules at [http://www.helgrim.com/perlmodules/]

  Note that, in the words of Jesse, "MIME-Tools 5.5 appeared in beta form. it was badly broken and withdrawn. If you're running it, you shouldn't be." 5.411 is the recommended version for use with RT.

  If something went wrong with any of the above and you are doing installs involving CPAN (eg you suddenly realised that you hadn't got the Postgresql header files, or weren't running as root) then you can restart CPAN installs as many times as you like. A CPAN cache is kept under the directory .cpan in the home directory of the user running make testdeps. Using a tool such as sudo to run make fixdeps as root can help by keeping the CPAN cache in the home directory of whoever is running sudo rather than spreading it across the root user's homedir as well.

  Now make sure everything is installed:

  % make testdeps
  

  Repeat whichever steps of the above apply to you until happy.




Installation





make install




If this is a new installation, create a group called 'rt'.

Then, as root, type:

# make install

You may be prompted for the database user's password.

If this fails, type:

# make dropdb

before trying again.


Upgrading within 2.0.x




If you are upgrading from rt.2.0.x:

1. Back up your existing /rt2/etc/config.pm The installation will save your existing config.pm to config.pm.old but do not rely on it. Have your own backup.

2. Rebuild the libraries as root:

# make upgrade

This will build new RT wrappers, files and libraries without overwriting your RT database. A new version of config.pm will be installed, and will need to be configured. Do not just copy your old configuration file into it's place, as it's format may have changed.


Upgrading from 1.0.x




Request Tracker went through major changes from version 1 to version 2. The architecture and database design has changed radically, so there are a number of extra steps to upgrade versions.

The import tool will import the following information from your rt1 database:

• Queues, Areas, Users, Acls, Mailing Rules, Queue Members, Tickets and Transactions.
It will not, however, import:
• Attachments which were removed by stripmime, or Templates.
Be warned, if you have a sizeable installation, the import can take some hours, so you may wish to leave this running overnight.

1. Make sure you have completed the previous steps for installing RT2. It is important that RT2 is in an unused state, otherwise the upgrade will not be completed.

2. Cd to your rt1 installation.

$ cd /path/to/rt/etc

3. Download import-1.0-to-2.0 from [http://www.fsck.com/pub/rt/contrib/2.0/rt-addons/import-1.0-to-2.0]

4. If your RT 1.0 transaction history doesn't live on the host you're running the import tool on, you'll need to copy /path/to/rt/transactions from the host it lives on.

5. Edit the configuration defaults in import-1.0-to-2.0
Set $DEFAULTQUEUE to the name of one of your RT 1.0 queues.
If you do not do this, THE IMPORT WILL FAIL. Also, make sure the MinimumPasswordLength in rt2/etc/config.pm does not exceed the length of your rt1 users' passwords. If it does, your users will NOT be imported.

6. If you are importing to a postgres database, you will need to execute the following SQL statement from within your RT2 database.

$ psql rt2
psql> SELECT setval('tickets_id_seq', (select max(id) from tickets));

7. Do the import by typing:

$ perl ./import-1.0-to-2.0

The script will run, without requiring user intervention. If you are importing a large number of tickets, this will take some time. When it has finished, test it to ensure that all the data has been imported correctly.


Post-installation Configuration




Now that you have RT installed, you must first change the RT root user's password. Root's default password is "password".
Not changing this is a security risk.

As root, type

# /path/to/rt2/bin/rtadmin --user=root --password="<newpassword>" 




Edit etc/config.pm


Edit etc/config.pm in your RT installation directory. In many cases sensible defaults have been included. In others, you MUST supply a value. Some values (such as the RT log directory) will come from values you supplied in the Makefile.


Configure the web interface


Note, that after applying changes to the configuration file or the perl libraries, you must stop your webserver, and then restart it. An 'apachectl restart' or 'kill -HUP' command will NOT work, as Mason's cache will not be cleared. You must stop, and start again.

RT's web ui is based around HTML::Mason, which works best with the mod_perl perl interpreter within Apache httpd. A FastCGI version handler is known to work as well, but for now, mod_perl's your best bet.




Apache with mod_perl




You need to tell apache to use HTML::Mason as a handler for RT.
If you are running a dedicated server address for rt, e.g. rt.example.com, you can use the following directives in your httpd.conf:

DocumentRoot /path/to/rt2/WebRT/html
ServerName rt.example.com
PerlModule Apache::DBI
PerlRequire /path/to/rt2/bin/webmux.pl
<Location />
  SetHandler perl-script
  PerlHandler RT::Mason
</Location>

Alternatively, if you are using apache's VirtualHosts:

<VirtualHost your.ip.address>
DocumentRoot /path/to/rt2/WebRT/html
ServerName rt.example.com
PerlModule Apache::DBI
PerlRequire /path/to/rt2/bin/webmux.pl
<Location />
 SetHandler perl-script
 PerlHandler RT::Mason
</Location>
</VirtualHost>

Many sites may not need the "PerlModule Apache:DBI" line, in fact in many cases Apache:DBI will cause Apache to abort every time it is run. Removing these lines should solve the problem.

If you want to run RT along with other content, do so like this:

Alias /rt2 /usr/local/rt2/WebRT/html
PerlRequire /usr/local/rt2/bin/webmux.pl                
<Location /rt2>                         
  SetHandler perl-script
  PerlHandler RT::Mason
</Location>

If you set up RT this way, you must also change $WebPath in config.pm

Next, set up the following cron job to remove stale session data.

WARNING: Do not install this cron job or run this find command if your MASON_SESSION_PATH (known in config.pm as $MasonSessionDir) points to a directory that could EVER contain any file that's not a Apache::Session datafile.
If you're running RT on it's own, this should not be an issue. Add these lines to /etc/crontab:

# Every hour, delete session files and lockfiles that haven't
# been touched in 10 hours

0 * * * * find /path/to/rt2/WebRT/sessiondata -type f -amin +600 -exec rm '{}' \;

mod_perl will initialize rt's mod_perl handler for every child it forks. rt's mod_perl handler immediately opens a database connection as soon as it's initialized. If you configure apache to spawn 200 children, you need to configure your database server to handle 200 connections from apache.

If you need RT to run through a high-traffic webserver, we recommend that you run RT on its own seperate apache server andp roxy requests from your main webserver. (see below)



1. Apache, mod_perl and Mac OSX
   As previously noted, loading mod_perl dynamically (DSO) does not work with RT2 approximately 20-40% of the time. This includes the default Apache + mod_perl installation under Mac OSX.

   The following lines (under MacOSX) are indicative of this problem:
   dyld: /usr/sbin/httpd multiple definitions of symbol _ApacheRequest___parse
   /Library/Perl/darwin/auto/Apache/Request/Request.bundle definition of _ApacheRequest___parse
   /Library/Perl/darwin/auto/Apache/Cookie/Cookie.bundle definition of _ApacheRequest___parse

   If you can, recompile Apache with mod_perl statically linked, or use FastCGI. If you must use mod_perl as a dynamic module, please find a solution to RT2 not consistently working and send it back to rt-devel.

   David Wheeler has written an excellent article on how to compile Apache with static mod_perl, at http://www.macdevcenter.com/pub/a/mac/2002/11/05/apache_osx.html.

   I do lots of RT development on Mac OS X using FastCGI and it works pretty damn well. - Jesse



• Using mod_proxy
  

  Set up an apache process which binds itself to a high port on 127.0.0.1. e.g. port 8080 Set the following values in RT's config.pm:

  $WebPath= "";
  $WebBaseURL = "http://rt.example.com/";
  

  On your main apache webserver, install mod_proxypass and add the directive:

  ProxyPass /rt2/  http://localhost:8080/rt/
  


• Can I run without Apache::DBI?
  The purpose of the Apache::DBI module is to reduce the overhead in opening a connection between the Apache process and the Database server (normally MySQL). Using Apache::DBI, each Apache child maintains one connection to the database that is persistent between pages.

  RT should be able to run without it, but it is not recommended due to the additional connection overhead and the slow response time that WebUI users will see.



Apache with multiple RT instances


To run multiple instances of RT in one instance of apache, you cannot do it under mod_perl. You will need to use FastCGI, or configure multiple Apache mod_perl instances (on different ports) and mod_proxy to present the appearance of multiple RTs on one machine.



Apache with fastcgi


As an alternative to using mod_perl, fastCGI has been known to work.
1. Use CPAN to install "FCGI"
2. Download [http://www.fastcgi.com/dist/mod_fastcgi.tar.gz]
3. Decompress it.
4. Build as a DSO via: apxs -o mod_fastcgi.so -c *.c
5. Fix the permissions via: chmod 755 mod_fastcgi.so
6. Install the compiled DSO via: cp mod_fastcgi.so /path/to/apache/modules/mod_fastcgi.so
7. Update your httpd.conf file to include

   LoadModule fastcgi_module modules/mod_fastcgi.so
   AddModule mod_fastcgi.c
   AddHandler fastcgi-script fcgi
   
   FastCgiServer /path/to/rt2/bin/mason_handler.fcgi
   Alias /NoAuth/images/ /path/to/rt2/WebRT/html/NoAuth/images/
   ScriptAlias / /path/to/rt2/bin/mason_handler.fcgi/
   

   (Note, these lines (in particular, the FastCgiServer directive) must appear after the User and Group directives.)

8. Restart the webserver

If you do not use the AddHandler and the FastCgiServer commands then apache will not keep the mason_handler.fcgi program running between requests. If the handler is not running between requests RT2 will run very slowly.




Apache with speedycgi


Speedycgi isn't currently supported in RT2.0, although some developement has been done.



mini_httpd with fcgi


The following instructions are courtesy of Rob Austein <sra@hactrn.net>:

• changes to rt:
  
  • chown and chmod mason_handler.fcgi to be setuid www, setgid rt.
• mini_httpd directory ($root) setup:
  • create directories $root/images, $root/.bin and $root/.sock, and chown $root/.sock to be writable by user www.
  • create $root/rt, a CGI script invoking /.bin/cgi-fcgi
  • copy spacer.gif and rt.jpg into $root/images
  • add index.html (perhaps with a meta-equiv) to taste.
  • create the ssl cert for mini_httpd if you need it, and write an appropriate config file for mini_httpd. mine looks like:

        user=www
        cgipat=**.html
        ssl
        certfile=/usr/local/www/mini_httpd.pem
        logfile=/tmp/mini_httpd.log
        chroot
    

  • compile and staticly link a copy of cgi-fcgi from the fcgi toolkit. install this as $root/.bin/cgi-fcgi with mode 111 (execute only). in theory mini_httpd will not serve files out of directories whose names begin with "." but a bit of paranoia doesn't hurt.
• how to start this up:

    bash# FCGI_SOCKET_PATH=$root/.sock/rt2 /path/to/rt2/bin/mason_handler.fcgi &
    bash# cd $root
    bash# mini_httpd -C /path/to/mini_httpd.conf
  

• unresolved issue:
  • certain pages do not always display correctly, i don't really know why. sometimes the page will display correctly when first visited but not when reloaded. most obvious example is the normal display page for a ticket: sometimes it includes all the usual stuff, sometimes it is missing the "people" and "history" sections.
    at one point i thought this might have been because the cgipat is too restrictive, ie, that there are target urls that do not end in .html that should be going through the mason handler anyway. this may still be the case, but if so i have not been able to prove it. the cgipat syntax is a little painful, so i don't think there's anyway to say "do cgi for everything -except- NoAuth/images/*", but if this does in fact turn out to be the problem one could use a cgipat like:

    cgipat=index.html|Admin/**|Elements/**|NoAuth/**|Search/**|SelfService/**|Ticket/**|User/**
    




Users and Queues and Scrips, Oh my! (A configuration tutorial)





Create your users




In its default configuration, RT uses an internal users database to keep track of who can access RT and who has what rights within the system.

One of your first tasks should be to create users for anyone who will need to work with tickets within RT.

With the web interface, click on "Configuration" -> "Users" -> "Create a new user".
Be sure to fill in:

• Name
• Email Address
• Password

Also make sure that "Let this user to be granted rights" and "Let this user access RT" are checked.

Note: You may find that when you add a user, you get an error "Name in use". This is probably because you have sent test emails when configuring the mail gateway.
Click on "Users" and enter the search for the username or email address, making sure to check "Include disabled users in search".




Create your queues




RT's primary administrative unit is the 'queue.' Use queues to separate tickets either by the groups of people who should be dealing with them, the user community or ticket attributes, or some combination therein. Generally, you don't want to create queues for time-limited projects. In most situations, queues are not things you should be creating or deleting with any frequency.

Click on "Configuration->Queues->Create a new queue"

• Queue Name: This should be a single word, such as support, noc, sales etc.
• Description: Note the purpose of the queue here. (optional)
• Correspondance Address: The email address for the queue.
• Comment Address: A second address to which internal comments are sent.
• Priority starts at: This can be a value from 0-99. When a ticket is created in this queue, it will be given this priority by default. This is most useful when you have staff who work on more than one queue. (optional)
• Over time, priority moves toward: Again, a value from 0-99. This is intended to provide a ceiling for a ticket's priority. At present there is not implemented. (optional)
• Requests should be due in: When a ticket is created, it will be given a due date X days later. (optional)
You must also create aliases for the addresses, as noted below in Configure the Email Gateway

By default, RT has one queue called 'general'. You will probably want to change the values for this.




Grant your users the rights they need.




RT provides a rich access control system that allows rights to be granted to groups, individual users and users in specific roles.

To allow arbitrary remote users to submit tickets into a given queue by email, grant "Everyone" the rights to "SeeQueue", "CreateTicket", "ReplyToTicket" and "CommentOnTicket" for that queue.

If you intend to let ticket requestors use the requestor-mode web interface, you should grant "Requestor" the right to "ShowTicket"

To make sure that your staff can work with tickets, you should grant them all the following additional rights:

• "ShowTicket"
• "ShowTicketComments"
• "Watch"
• "WatchAsAdminCc"
• "OwnTicket"
• "ModifyTicket"



Set up Scrips




RT's "Scrips" system lets sites configure what email gets sent by RT in response to ticket creation or updates. Unless you set up Scrips, RT _will not_ send any email. (It's also a general extension mechanism which allows changes to persist across updates. But if you're reading this quickstart guide, you probably just don't want to go there yet.)

Scrips are composed of a Condition, an Action and a Template. A number of Conditions and Actions come with RT. Others are available as contributed add-ins from members of the RT community. Later on, you can define custom templates for each queue, but for now, RT ships with a set of predefined templates which should get you started.

The default global Scrips installed with RT 2.0 (as of 2.0.12) are:

• OnCreate AutoReplyToRequestors with Global Template: AutoReply
• OnCreate NotifyAdminCcs with Global Template: Transaction
• OnCorrespond NotifyAllWatchers with Global Template: Correspondence
• OnComment NotifyAdminCcsAsComment with Global Template: AdminComment
• OnResolve NotifyRequestors with Global Template: Resolved
• OnComment NotifyOtherRecipientsAsComment with Global Template: Correspondence
• OnCorrespond NotifyOtherRecipients with Global Template: Correspondence

"OtherRecipients", I hear you ask? "Other" recipients are those addresses entered into the Cc and Bcc fields on the "modify ticket" (comment/correspond) page.




Set up queue watchers




RT lets you set up Cc and Administrative Cc watchers globally and for each queue. (Note that mail isn't sent unless you define Scrips to send it). Generally, Cc watchers are folks who get notifications of ticket updates and can view the queue (though this, of course, depends on how you configure things). Administrative Ccs are usually the folks who have rights to modify tickets. Set up folks you want to get Cc or AdminCc mail as watchers for your queue in "Configuration"/"Queues"/ / Watchers.




Set up keywords




RT's keyword system is centered around a single global hierarchy of keywords. A "Keyword Selections" attaches keywords from that hierarchy to a single queue (or globally.)

Keyword Selections let you pick a node in the Keywords tree as its "root" and to decide whether users can pick either a single value or multiple values from that list. Each "Keyword Selection" has it's own name.

For now, you probably don't need any keywords, but once you want to start 'tagging' requests with keywords, you will need to create some.

First, go to Configuration/Keywords and create entries in the keyword hierarchy. Good examples are:

                                                                      
    Operating System/                                                        
    Operating System/Linux                                                   
    Operating System/Solaris                                                 
    Operating System/Win32                                                   
                                                                             
    and                                                                      
                                                                             
    Priority/                                                                
    Priority/High                                                            
    Priority/Normal                                                          
    Priority/Low                                                             
  

Now, you need to attach these keywords to your queue. Go to Configuration/Queues/$Your Queue/Keyword Selections. Lets use Operating Systems as an example. Enter the following fields:

    "Platform" / Multiple / (children of) Operating System

You now have a keyword field called "Platform" which can have the values of the children of Operating System, i.e. Linux, Solaris, Win32. Tickets can have multiple values selected, so a ticket could have the value Platform set to both Linux and Solaris.

Note that the hierarchy was called "Operating System" but we named our keyword "Platform".

Lets make another example:

"Priority" / Single / (children of) Priority                             

You've now created a keyword field called Priority, which can have _one_ value, either High, Normal, or Low.

Before you start creating keywords willy nilly, think about how you want to arrange them. The keyword hierarchy can get very large, very quickly.

You might want to break an Operating Systems into more levels:

 
    Operating Systems/                                                       
    Operating Systems/Unix                                                   
    Operating Systems/Unix/Linux                                             
    Operating Systems/Unix/Solaris                                           
    Operating Systems/Windows/Windows NT                                     
    Operating Systems/Windows/Windows 2000                                   
    Operating Systems/Mac/OS X                                               
    Operating Systems/Mac/OS 9                                               
  

In the above example, you could create a Keyword Selection like the following:

"Platform" / Multiple / (children of) Operating Systems / 1 (level deep)

Platform would be a keyword field that allows you to select from Unix, Windows, and Mac.

If you are using Queue specific keywords, you may want to organize them that way. For example, I have a keyword for GUI, which I know I will only use in one queue, "Frontends". I might design the hierarchy this way:

    Queues/                                                                  
    Queues/Frontends/                                                        
    Queues/Frontends/GUI/                                                    
    Queues/Frontends/GUI/Qt                                                  
    Queues/Frontends/GUI/GTK+                                                
    Queues/Frontends/GUI/Wx                                                  
    Queues/Frontends/GUI/Motif                                               




Configure the Email Gateway


Before doing anything else, make sure that rt-mailgate runs from the commandline. When you do this, if rt-mailgate can't find config.pm then check the permissions - it should be setgid to the rt group as defined in the Makefile. (Some people have reported having to change the first line in rt-mailgate to point to their setuid perl. While that's not how setuid perl is designed to work, if nothing else seems to work...)

You also need to give the Everyone pseudogroup the privilege "CreateTicket" on all queues that rt-mailgate will be using, because mail requests are by default unauthenticated. (There is a dangerous mechanism where %RT USER and %RT PASS are variables that can be set in plain email text, but if you are that desperate you will find out about it yourself.) If you also wish to allow comments to be added by email, as is usually the case, then you also need to grant the two privileges "CommentOnTicket" and "ReplyToTicket" to Everyone.

Next, you need to review the (scanty) documentation on rt-mailgate. Understand the difference between the two kinds of actions, and be aware that only the "correspond" action can create tickets.

There are many ways of interfacing your mail transport agent (Exim, Postfix, qmail, Sendmail etc) to the RT mail program rt-mailgate. The general idea is that some amount of work is done by the aliases mechanism your MTA usually uses, and some amount in the configuration files of your MTA.

If you want to just use /etc/aliases, and your MTA is happy with this, you might add some entries that look like this, one pair for every RT queue that you have:

You need to configure your email server to pass incoming emails to /path/to/rt2/bin/rt-mailgate. Usually we set up two addresses for each queue, one for correspondance (which means formal communication with users), and a second for internal comments. We'll assume in the examples below, that the initial queue is called support, and that the addresses will be support@example.com and support-comment@example.com. The examples below show how for each of Sendmail, qmail and Exim you can have a mail alias used to inject new tickets and conduct email-based correspondance.

This doesn't scale at all well, because every time you add a queue or even change a queue name you have to do things to the email system. Even worse, it builds in a dependency between the email alias that the user knows about and the way that RT does its email processing. There is a much better solution which involves just a single piece of MTA logic, logic which says "for addresses of this particular form (say, queuename@host) handle them with rt-mailgate in the following way.) So long as all your queuenames conform to some standard that you define, you should never need to change aliases or MTA configuration to set up RT. The only MTA for which there is an example of such a configuration is Exim. You'll find it in the following sections.


Which server should deliver RT mail?


In a large environment, chances are that you have multiple machines to perform your tasks. In such an environment, you will get better performance by ensuring that RT runs on its own (or at least, lightly loaded) machine.

This does introduce a complication in delivering mail to RT. The examples below assume that you have your Mail Transfer Agent running on the same machine as RT. Getting the mail from your main mail server to the RT mail server is usually done by adding aliases on your main mail server to deliver the mail through your network to your RT machine internally. (You'll need to run an MTA on the RT machine, either in daemon mode (always accepting connections from your main mail server) or invoked from inetd.)

Remember to use generic addresses in your config files (eg, rt@example.com vs rt@rt.example.com or rt@bert.example.com) which will simplify your life in any future relocation of your RT installation.




Sendmail


An alias for the queue will need to be made in either your global mail aliases file (if you are using NIS) or locally on your machine.
Add the following lines to /etc/aliases (or your local equivalent):

support: "|/path/to/rt2/bin/rt-mailgate --queue support --action correspond"
support-comment: "|/path/to/rt2/bin/rt-mailgate --queue support --action comment"

Then rebuild your aliases file according to your setup. Usually this is done by typing:

# newaliases

If your sendmail configuration uses smrsh, the the sendmail restricted shell, you must tell smrsh that it is allowed to run rt-mailgate.. To do so, make a symlink in /etc/smrsh to rt-mailgate:

                            
# ln -s /path/to/rt2/bin/rt-mailgate /etc/smrsh/rt-mailgate




Qmail




Users of qmail will need to set up qmail aliases in ~alias/. For example, to direct mail sent to to the "support" queue as correspondence, put the following in ~alias/.qmail-support:

| /var/qmail/bin/preline /path/to/rt2/bin/rt-mailgate --queue support --action correspond

To direct mail sent to to the "support" queue as comments, put the following in ~alias/.qmail-support-comment:

| /var/qmail/bin/preline /path/to/rt2/bin/rt-mailgate --queue support --action comment                                                                                                                                                         

Keep in mind that rt-mailgate will be running with UID "alias"; if you have configured RT to log to a directory other than /tmp, you must ensure that that directory is writeable by the "alias" user.




Exim


An alias for the queue will need to be made in either your global mail aliases file (if you are using NIS) or locally on your machine.
Add the following lines to /etc/aliases (or your local equivalent):

support: "|/path/to/rt2/bin/rt-mailgate --queue support --action correspond"
support-comment: "|/path/to/rt2/bin/rt-mailgate --queue support --action comment"

Then rebuild your aliases file according to your setup. Usually this is done by typing:

# newaliases




scary exim hack


so, here's a scary exim hack to avoid creating rt-mailgate entries in each alias. You don't need it, but you might have fun.

From: seph                                               
Date: 10 Aug 2001 18:07:09 -0700                                                
User-Agent: Gnus/5.0803 (Gnus v5.8.3) Emacs/20.7                                
Subject: [rt-users] rt-mailgate and exim                                        
List-Id: For users of RT: Request Tracker              
 

I recently installed rt2 onto a machine that was using exim as it's MTA. While configuring the various aliases I figured there ought be a better way. So I hacked at my exim.conf for a bit (with help from a friend) and ended up with a machine where I can send mail to rt-queue+action@host, and it will DTRT.

basicly I told exim that I had a local user "rt" (I don't) and that - was a prefix and + was a suffix, and that it should send all mail for this user to a transport. The transport just execs rt-mailgate with the relevant command line flags.

my end setup will have my hacked exim.conf on the rt2 host, and my domain's main mail server will have aliases like:

abuse: rt-abuse+correspond@rt2

I find this much simpler than having big long aliases somewhere. anyhow, I figured I'd share....

One caveat, because this hack uses "+" and "-" as special characters. you can't have them in your queue names. but it's easy to change which characters it reserves

in the TRANSPORTS section of my exim.conf I've added:

                                                                          
# my rt hack                                                                    
local_delivery_rt:                                                              
  driver = pipe                                                                 
  command = "/usr/local/rt2/bin/rt-mailgate --queue ${quote:$local_part} --action ${quote:${substr_1:$local_part_suffix}}"                               
  return_path_add                                                               
  return_output                                                                 
  prefix = ""                                                                   
  suffix = ""                                                                   
  user = www-data      

and in the DIRECTORS section I've added:

                                  
localuser_rt:                                                                   
  driver = smartuser                                                            
  suffix = +*                                                                   
  prefix = *-                                                                   
  new_address = ${quote:${lc:${local_part}}}@${domain}                          
  transport = local_delivery_rt                                                 
                                                                                




scary qmail hack


From the mailing list.
You may need to twiddle the <s and >s around

From: Matthias Juchem <juchem@XXX.XXX>
To: rt-users@lists.fsck.com
Subject: [rt-users] A little script for using qmail with rt
Date: Wed, 27 Nov 2002 01:18:34 +0100
Message-Id: <E17Cqk5-0001Ru-00@gandalf.math.uni-mannheim.de>

Hi.

I am lazy. I do not want to update an mail alias file when I add a new queue 
to rt.

That is why I have written this little script, i at the end.

I guess it might be quite useful for other people too, so, have fun.

Best regards,
 Matthias



#!/usr/bin/perl

use strict;

#############
#
# qmail2rt v0.3
#
# (c) 2002 by Matthias Juchem 
#
# May be distributed freely, but I do not take responsibility for damage.
#
# Feedback is welcome.
#
#############
# This script is used for piping mails delivered by qmail to rt-mailgate.
#
# Setup:
# a) one virtual domains for rt with one user ($receiver) who receives all 
mail
#    for this domain (e.g. all mail for support.acme.com goes to user rt)
# b) ~$receiver/.qmail-default says:
#      | /var/qmail/bin/preline /home/$receiver/qmail2rt.pl
#      (e.g. "| /var/qmail/bin/preline /home/rt/qmail2rt.pl") 
# c) mail address for queues are built like this:
#     $queue-$action@virtualdomain
#   ( e.g. accounting-correspond@support.acme.com )
#    That means that LOCAL will contain rt-accounting-correspond.
# d) In the file $queuelistfile you can list all valid queues. Furthermore,
#    you can decide whether qmail2rt insists on having this file. But if the
#    file is present, qmail2rt will only accept mail for queus listed in this
#    file.
# e) @names contains some mail aliases. Mails to those addresses will be
#    forwarded to $rtowner. (e.g. if @names contains 'postmaster', mail
#    to postmaster@support.acme.com is forwarded to $rtowner.)
############

# Configuration variables - Change these for your site if necessary.

# mail address of the rt admin
my $rtowner       = 'rtowner@support.acme.com';

# full path to the queue list file
my $queuelistfile = "/home/rt/queuelist";

# set to 1 if $queuelistfile is mandatory, 0 if it optional
my $qlfmandatory  = 1;

# full path to the rt-mailgate programme
my $mailgate      = "/usr/local/lib/rt2/bin/rt-mailgate";

# full path to qmail-inject
my $qmailinject   = "/var/qmail/bin/qmail-inject";

# $receiver is the local user that receives all mail for our rt-subdomain.
my $receiver      = "rt";

# @names contains an array of mail aliases that should go to $rtowner directly
my @names         = ( "root", "postmaster", "mailer-daemon",
                      "rtowner", "owner", "admin", "hostmaster" );

# set to 1 qmail2rt should not send any hard errors, 0 else
my $noharderrors  = 0;

# set to 1 if user and group IDs should be sent with bounces. might be
# a problem wrt to security, but is useful while installing rt
my $sendugids     = 0;

###################################################################
# nothing should be changed below, i guess
###################################################################

my $debug = 0; # internal use
my $qrtversion = "0.3";

sub bounce($$); # forward declaration of bounce(), useful for sending errors
sub hbounce($); # wrapper for bounce() for hard errors
sub sbounce($); # wrapper for bounce() for soft errors
sub debug($);   # used to print debug messages

if(! defined($ENV{"LOCAL"}) ) {
    # qmail sets the LOCAL environment variable to the left-hand part of the
    # final email address that receives the mail
    # if mail is sent to general-correspond@support.domain.com and rt receives
    # all mail for support.domain.com, LOCAL is set to rt-general-correspond
    hbounce("LOCAL not set.");
}

my $local = lc($ENV{"LOCAL"});
$local =~ s/^$receiver-(.*)$/$1/; # strip the rt- at the beginning

debug "local is set to $local now";

# check if the mail went to one of the alias mentioned in @names
foreach my $name (@names) {
    if( $name eq $local ) {
	if( system( $qmailinject, $rtowner) != 0 ) {
	    hbounce("Unable to execute qmail-inject. ($?)");
	}
	exit 0;
    }
}

my $action=undef;
my $queue=$local;

# determine what to do with the mail
if( $local =~ m/^\w+-correspond$/ ) {
    $action = "correspond";
    $queue =~ s/^(\w+)-correspond$/$1/;
} elsif( $local =~ m/^\w+-comment$/ ) {
    $action = "comment";
    $queue =~ s/^(\w+)-comment$/$1/;
} elsif ( $local =~ m/^\w+$/ ) {
    # correspond is our default action
    $action = "correspond";
} else {
    $queue =~ s/^(\w+)-\w+$/$1/;
}

# check $queuelistfile for $queue
my $found = 0;
if(open QLIST, "<$queuelistfile") {
    foreach my $entry () {
	chomp $entry;
	if($entry eq $queue) {
	    $found=1;
	    last;
	}
    }
    close QLIST;
} else {
    # if we do not bounce here then rt will complain if the queue is not known
    sbounce("Unable to open queue list file.") if($qlfmandatory);
    $found=1;
}

if($found==1){
    if(defined($action)) {
	if( system( $mailgate, '--queue', $queue, '--action', $action) != 0 ) {
	    hbounce("Unable to execute rt-mailgate. ($?)");
	}
	exit 0;
    } else {
	sbounce("No suitable action found.");
    }
} else {
    sbounce("Queue $queue not known.");
}

############## subroutines 
####################################################

# return an error with the specified error code and error message
sub bounce($$) { # parameters: return code for qmail-send, short bounce 
message
    my $error = shift;
    my $text  = shift;
    
    # REUG stands for: Real Effective User Groups:
    # [REUG: real user, effective user, real groups, effective groups]
    # LAQ: similar ($local, $action and $queue)

    $action="" unless defined($action);
    $queue="" unless defined($queue);
    $local="" unless defined($local);

    my $message = "\nqmail2rt $qrtversion has detected the following ".
	"error:\n\n$text\n\n".
	"Please notify $rtowner if this problem persists. The line(s) ".
	"lines below will help him to fix the problem.\n\n".
	"[LAQ: \'$local\', \'$action\', \'$queue\']\n";
    if($sendugids) {
	$message = $message."[REUG: $<,$>,$(,$)]\n\n";
    } else {
	$message = $message."\n";
    }
    
    print STDERR $message;
    exit $error;
}

# return a hard error with specified error message
sub hbounce($) { # parameter: short bounce message
    if($noharderrors) {
	sbounce(shift);
    } else {
	bounce(100, shift);
    }
}

# return a soft error with specified error message
sub sbounce($) { # parameter: short bounce message
    bounce(111, shift);
}

# function used to print debug messages, prints only if $debug is true
sub debug($) { # parameter: debug message
    return unless $debug;
    my $text = shift;
    
    print STDERR "DEBUG: ", $text,"\n";
}







 



shorter scary qmail hack


A slightly simpler qmail hack, also from the mailing list.

You may need to twiddle the <s and >s around

From: Sam Johnston 
Subject: [rt-users] scarier qmail hack
Date: Thu, 28 Nov 2002 15:32:39 +1100
Message-ID: <3DE59C67.1020000@aos.net.au>


According to the RT/FM, there is a 'scary qmail hack' courtesy
Matthias Juchem of Wednesday 27 November 2002. I have optimised it
somewhat to a single line in /var/qmail/alias/.qmail-support-default
or equivalent

|/usr/bin/preline /opt/rt3/bin/rt-mailgate --queue ${EXT2%%\-*} --action ${EXT3:-correspond}

It's things like this that keep me using qmail. Anyway this appears to
work nicely for me, but your mileage might vary. I guarantee nothing
except that it will take up space. In particular you could run into
trouble with the shell expansions (my system uses bash but I have a
feeling these are fairly portable) and lack of error checking.

Sam







 



Ensuring that RT-generated mail gets delivered


Something which a number of people forget, is to flush the queue on 
your Mail Transfer Agent (MTA) after RT has generated a mail.  This can 
be done by ensuring that the MTA is running in queue mode, or invoke an 
MTA queue run from cron every acceptable time period (eg, every 5 
minutes).





 
 
 



Appendix









Installing RT on Debian Linux


If you're not familar with Debian, 
it's a linux distribution with a large collection of pre-compiled 
packages.

As debian has a very good packaging system, it's better for us
to work within it. This means avoiding cpan, and thus avoiding
make fixdeps while this sounds horrible inconvient, 
it turns out everything RT needs is already packaged. I generally 
run make testdeps several times while installing packages
until I have something that passes testdeps.

As of 2002-03-07, debian testing, and rt-2-0-12-pre6 These are the 
packages I needed for perl:

libhtml-mason-perl 
libapache-mod-perl
libmd5-perl
libstorable-perl
libdbix-datasource-perl
libdbix-searchbuilder-perl  
    (note: there  may be a newer version in cpan, that you want)
libapache-request-perl
libcgi-perl
libcgi-pm-perl
libapache-session-perl
libtimedate-perl
libmime-perl
libtie-ixhash-perl
libtext-wrapper-perl
libtext-template-perl
libfreezethaw-perl
liblog-dispatch-perl
libapache-dbi-perl (very important. not in testdeps)
perl-suid  (very important. not in testdeps)



you will, of course, need additional packages for your webserver,
your mailserver, and your database. 
This rtfm 
article has complete install notes, and not just a package list.



 



Full install notes for Debian


Install notes from 2002-03-07

installing rt-2-0-12-pre6 onto debian testing (with some packages from
unstable)

The Database
 
My machine is going to be dedicated to running rt and it's
database. As of now, rt is a little happier with mysql, so I'll use
it. You might want to use another database, or a seperate machine.

Installing the database:
  
apt-get install mysql-client mysql-common mysql-server
Configureing the Database: 
  
change root's password
     
mysqladmin password db-root-passwd
  
edit the files in /etc/mysql/ most important is so change
     the max_allowed_packet to 16M

change the location of the database from /var/lib/mysql to /local/mysql


Build Depends

tools we need to get and run the builds
  
apt-get install make wget
system things (directories, groups, etc)
  
mkdir -p /usr/local/src/rt
  
addgroup rt
  
adduser www-data rt
 get the source
  
cd /usr/local/src/rt
  
wget http://www.fsck.com/pub/rt/devel/rt-2-0-12-pre6.tar.gz
  
tar xzf rt-2-0-12-pre6.tar.gz
  

Perl Dependancies
This is the fun part.
basicly, keep running make testdeps until it finds everything. 
You'll likely need the following packages. (all in the debian archives)

libhtml-mason-perl 
libapache-mod-perl
libmd5-perl
libstorable-perl
libdbix-datasource-perl
libdbix-searchbuilder-perl  
    (note: there  may be a newer version in cpan, that you want)
libapache-request-perl
libcgi-perl
libcgi-pm-perl
libapache-session-perl
libtimedate-perl
libmime-perl
libtie-ixhash-perl
libtext-wrapper-perl
libtext-template-perl
libfreezethaw-perl
liblog-dispatch-perl
libapache-dbi-perl (very important. not in testdeps)
perl-suid  (very important. not in testdeps)


Install RT
follow the install guide.
First, edit the Makefile these docs
are pertinent.
 
make install
 this will prompt you for several
   passwords. most of the time it wants the mysql admin/root
   passwords, but sometimes it wants the rt users's password. pay
   attention to what it says.



 



Full install notes for RedHat 7.2


From the mailing list.

You may need to twiddle the <s and >s around
From: Gary Leong <gwleong@XXX.XXX>
To: rt-users@lists.fsck.com
Subject: [rt-users] RH 7.2 step by step
Message-ID: <3CED786B.59C06A31@lbl.gov>
Date: Thu, 23 May 2002 16:16:59 -0700

Here are the step by step instructions I promised way back when.  I
didn't get a chance to write it up until now.  It's off the top of my
head, so I do apologize if I neglected a step or two.  Please let me
know of any mistakes, so I can update the instructions on
documenations..  Thanks.

I also attached the file.

Gary


1)Install Redhat 7.2

2)Remove apache in distributed Redhat 7.2
To a get a list, run this command:

  rpm -qa | grep apache

apacheconf-0.8.1-1
apache-manual-1.3.22-2
apache-devel-1.3.22-2
apache-1.3.22-2

then run

  rpm -e apacheconf-0.8.1-1
  rpm -e apache-manual-1.3.22-2
  rpm -e apache-devel-1.3.22-2
  rpm -e apache-1.3.22-2

3)Download mod_perl and apache source.  I put the source in /temp. Unzip
and untar the source.

  gunzip -c apache_1.13.9.tar.gz | tar xvf -
  gunzip -c mod_perl-1.26.tar.gz | tar xvf -

4)To install Apache with mod_perl statically compiled.

cd into the mod_perl directory and run the following commands to
configure mod_perl for apache install:

      cd /temp/mod_perl-1.26
            perl Makefile.PL \
             APACHE_SRC=../apache_1.13.9/src \
              NO_HTTPD=1 \
              USE_APACI=1 \
              PREP_HTTPD=1 \
               EVERYTHING=1 \
               make
               make install

cd into apache source directory.  To install apache, run the following
commands:
         cd /temp/apache_1.3.19/
         ./configure --prefix=/usr/local/apache \
             --activate-module=src/modules/perl/libperl.a \

5) Download and install CPAN
unzip and untar source and cd into CPAN source directory.
follow these commands to install:

  gunzip -c CPAN-1.59.tar.gz | tar xvf -
  cd /temp/CPAN*
  perl Makefile.PL
  make
  make install

6) Install Mason manually as CPAN doesn't seem to download and install
it automatically.
unzip and untar source and cd into Mason directory.

  gunzip -c HTML-Mason-1.04.tar.gz | tar xvf -
   cd /temp/HTML-*
  perl Makefile.PL
  make
  make install

7) Download and unpackage RT.

  gunzip -c rt.tar.gz | tar xvf -

8) Get dependent modules.
  cd /temp/rt-2-0-9/
  make testdeps
  make fixdeps

9) Configure preliminarily apache.

 a)In http.conf, change the following lines.  They are in this order,
but not juxtaposed vertically.  Do a search
     make the changes.


  ServerType stand
  ServerRoot "/usr/local/apache"
  MinSpareServers 5
  MaxSpareServers 20
  StartServers 8
  MaxClients 150
  MaxRequestsPerChild 100
  Listen 80
  Port 80
  User apache
  Group apache
  ErrorLog /var/log/httpd/error.log
  CustomLog /var/log/httpd/access_log combined

 b)Make log directories.
  mkdir -p /var/log/httpd/error.log /var/log/httpd/access_log
  chown -R apache:apache /var/log/httpd/error.log
/var/log/httpd/access_log

10) Create user rt.

groupadd -g 35 rt
useradd -m -d /home/rt -u 4040 -g 35 rt

11) Set root password for MySQL database.

e.g.

username: root
password: 123456

The syntax is as follows:

/mysql/admin -u root password '123456'

12) Install RT

 a) Make changes to Makefile
  cd /tmp/rt-2-0-9
  vi Makefile
   for these entries

   RT_PATH = /opt/rt2
   RT_LOG_PATH = /var/log/rt2
                        DB_TYPE = Mysql
   DB_HOME = /usr/bin/mysql
   DB_DBA = root
   DB_DBA_PASSWORD = "123456"
   DB_RT_USER = rt
   WEB_USER  = apache
   WEB_GROUP = apache
 c) mkdir -p /var/log/rt2
    chown -R root:rt /var/log/rt2
    chmod 755 /var/log/rt2

 b) Install rt: build database and install rt files.

  make install

13) Set up Sendmail
 a) configure Sendmail to receive connections outside of localhost.
Sendmail from Redhat
           by default doesn't allow outside email.
  change the mc file

   vi /etc/mail/sendmail.mc
    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
<-------------dnl this entry
    run the command

   m4 /etc/mail/sendmail.mc > /etc/sendmail.cf

   vi /etc/aliases
    rt-comment: "|/opt/rt2/bin/rt-mailgate --queue general --action
comment"    <----------add the following entry
    rt: "|/opt/rt2/bin/rt-mailgate --queue general --action
correspond"         <----------add the following entry
14) Configure config.pm file for rt
  Let's say our domain is wheats.com.

 a) Change the following in the file, accordingly.
  e.g.
  $rtname="wheats.com";
  $rtname="wheats.com";
  $DatabaseUser='rt';
  $DatabasePassword='123456';
  $CorrespondAddress='rt';
  $CommentAddress='rt';

15) Make sure user rt can access and manipulate database.

e.g.
username: root
password: 123456

  mysql -u root -p
  GRANT ALL ON rt2.db.* To rt@localhost Identified By "123456"
  quit
16) Setup rt to access by Apache.
 e.g.
 IP address of rt machine: 128.5.3.11
 Only machines in wheats.com domain will allow be accessed.

 In the httpd.conf file in /usr/local/apache/conf


 a) Add the following entries, accordingly.


  #NameVirtualHost *

  <VirtualHost 128.5.3.11>
  DocumentRoot /opt/rt2/WebRT/html
  ServerName dummy.wheats.com
  PerlModule Apache::DBI
  PerlRequire /opt/rt2/bin/webmux.pl
  <Location />
  SetHandler perl-script
  PerlHandler RT::Mason
  Order allow,deny
  Allow from *.wheats.lbl.gov
  </Location>
  </VirtualHost>


17) Add apache to run scripts.
  cp /usr/local/apache/bin/apachect1 /etc/init.d/
  ln -s /etc/init.d/apachect1 /etc/rc3.d/S99httpd

18) Reboot the machine. I hope everything works.  Please, please let me
know if things don't go right or how
I can make things clearer.


1)Install Redhat 7.2 

2)Remove apache in distributed Redhat 7.2
To a get a list, run this command:

		rpm -qa | grep apache 

apacheconf-0.8.1-1
apache-manual-1.3.22-2
apache-devel-1.3.22-2
apache-1.3.22-2

then run 

		rpm -e apacheconf-0.8.1-1
		rpm -e apache-manual-1.3.22-2
		rpm -e apache-devel-1.3.22-2
		rpm -e apache-1.3.22-2

3)Download mod_perl and apache source.  I put the source in /temp. Unzip and untar the source.

		gunzip -c apache_1.13.9.tar.gz | tar xvf -
		gunzip -c mod_perl-1.26.tar.gz | tar xvf -

4)To install Apache with mod_perl statically compiled.

cd into the mod_perl directory and run the following commands to configure mod_perl for apache install:

 	   	cd /temp/mod_perl-1.26
           	perl Makefile.PL \ 
            	APACHE_SRC=../apache_1.13.9/src \ 
             	NO_HTTPD=1 \ 
             	USE_APACI=1 \ 
             	PREP_HTTPD=1 \ 
              	EVERYTHING=1 \ 
              	make 
              	make install 

cd into apache source directory.  To install apache, run the following commands:
	        cd /temp/apache_1.3.19/
        	./configure --prefix=/usr/local/apache \ 
            	--activate-module=src/modules/perl/libperl.a \ 

5) Download and install CPAN
unzip and untar source and cd into CPAN source directory.
follow these commands to install:

		gunzip -c CPAN-1.59.tar.gz | tar xvf -
		cd /temp/CPAN*
		perl Makefile.PL
		make
		make install

6) Install Mason manually as CPAN doesn't seem to download and install it automatically.
unzip and untar source and cd into Mason directory.

		gunzip -c HTML-Mason-1.04.tar.gz | tar xvf -
 		cd /temp/HTML-*
		perl Makefile.PL
		make
		make install

7) Download and unpackage RT.

		gunzip -c rt.tar.gz | tar xvf -

8) Get dependent modules.
		cd /temp/rt-2-0-9/
		make testdeps
		make fixdeps

9) Configure preliminarily apache.  

	a)In http.conf, change the following lines.  They are in this order, but not juxtaposed vertically.  Do a search 
  	  make the changes.	


		ServerType stand
		ServerRoot "/usr/local/apache"
		MinSpareServers 5
		MaxSpareServers 20
		StartServers 8
		MaxClients 150
		MaxRequestsPerChild 100
		Listen 80
		Port 80
		User apache
		Group apache
		ErrorLog /var/log/httpd/error.log 
		CustomLog /var/log/httpd/access_log combined

	b)Make log directories.
		mkdir -p /var/log/httpd/error.log /var/log/httpd/access_log
		chown -R apache:apache /var/log/httpd/error.log /var/log/httpd/access_log

10) Create user rt.

groupadd -g 35 rt
useradd -m -d /home/rt -u 4040 -g 35 rt

11) Set root password for MySQL database.

e.g.

username: root
password: 123456

The syntax is as follows:

/mysql/admin -u root password '123456'

12) Install RT

	a) Make changes to Makefile
		cd /tmp/rt-2-0-9
		vi Makefile
			for these entries

			RT_PATH = /opt/rt2
			RT_LOG_PATH = /var/log/rt2
                        DB_TYPE = Mysql
			DB_HOME = /usr/bin/mysql
			DB_DBA = root
			DB_DBA_PASSWORD = "123456"
			DB_RT_USER = rt
			WEB_USER  = apache
			WEB_GROUP = apache
	c) mkdir -p /var/log/rt2
	   chown -R root:rt /var/log/rt2
	   chmod 755 /var/log/rt2

	b) Install rt: build database and install rt files.

		make install

13) Set up Sendmail
	a) configure Sendmail to receive connections outside of localhost.  Sendmail from Redhat 
           by default doesn't allow outside email.
		change the mc file

			vi /etc/mail/sendmail.mc 
				DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')      <-------------dnl this entry
	   run the command

			m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
			
			vi /etc/aliases
				rt-comment: "|/opt/rt2/bin/rt-mailgate --queue general --action comment"    <----------add the following entry
				rt: "|/opt/rt2/bin/rt-mailgate --queue general --action correspond"         <----------add the following entry   
14) Configure config.pm file for rt
 	Let's say our domain is wheats.com.	
	
	a) Change the following in the file, accordingly.
		e.g.		
		$rtname="wheats.com";
		$rtname="wheats.com";
		$DatabaseUser='rt';
		$DatabasePassword='123456';
		$CorrespondAddress='rt';
		$CommentAddress='rt';

15) Make sure user rt can access and manipulate database.

e.g.
username: root
password: 123456

		mysql -u root -p 
		GRANT ALL ON rt2.db.* To rt@localhost Identified By "123456"
		quit
16) Setup rt to access by Apache.
	e.g. 
	IP address of rt machine: 128.5.3.11
	Only machines in wheats.com domain will allow be accessed.

	In the httpd.conf file in /usr/local/apache/conf


	a) Add the following entries, accordingly.


		#NameVirtualHost *
 
		<VirtualHost 128.5.3.11>
		DocumentRoot /opt/rt2/WebRT/html
		ServerName dummy.wheats.com
		PerlModule Apache::DBI
		PerlRequire /opt/rt2/bin/webmux.pl
		<Location />
		SetHandler perl-script
		PerlHandler RT::Mason
		Order allow,deny
		Allow from *.wheats.lbl.gov
		</Location>
		</VirtualHost>


17) Add apache to run scripts.
		cp /usr/local/apache/bin/apachect1 /etc/init.d/
		ln -s /etc/init.d/apachect1 /etc/rc3.d/S99httpd

18) Reboot the machine. I hope everything works.  Please, please let me know if things don't go right or how 
I can make things clearer.




 



Installation notes for Solaris


These notes courtsey of Stanislav Sinyagin:

Most of the installation process goes without problems.
The only known concern is Sendmail configuration.


In Solaris 8, Sendmail executable is placed where you normally
don't expect it: /usr/lib/sendmail. Thus, you need to set
$SendmailPath in etc/config.pm.


In addition, you might want to change the default Sendmail
configuration. In /usr/lib/mail/ you will find the sources for
Sendmail configuration files (available via package SUNWsndmu).
Note that the default configuration supplied by Solaris
rewrites the sender's address with the fully qualified hostname.
You may change this with MASQUERADE_AS(support.yourdomain.com)
statement. Note that it's incompatible with FEATURE(`remote_mode').




 
 
 



Administration Guide









Concepts


RT is a complex application. You need to understand the concepts behind RT and the terminology describing these concepts if you are going to deploy it to the best effect in your organisation.






Terminology









Ticket


A Ticket contains all the information regarding a request, including who requested it, what action has been taken, its current status, and the details of the request.

Each ticket is identified by a unique ticket number. The terms ticket and request are used interchangably. Users with a background with the commercial Clarify helpdesk system will be used to the term Case, which also means the same thing.






 



Links


Tickets can be linked to each other with these relationships:



MemberOf

RelatedTo

DependsOn

MergedInto



These links are informative for RT users viewing tickets, and are also used in a variety of ways by RT such as in searches.





 



Requestor


The user who created the request. He may or may not be a user on the local Unix system. Depending on how RT is configured, he might instead be someone sending an email whose identity cannot be verified.





 



Status



A ticket will always have a status which may be one of:
 

 
New: The ticket has never been viewed or acted upon.
 
Open: The ticket has been viewed, and is being dealt with.
 
Stalled: The ticket has been put on hold as it cannot presently be resolved. If there is any further correspondance, the ticket will automatically be reopened.
 
Resolved: The ticket has been dealt with, and is no longer an issue.
 
Dead: This indicates that the ticket was deleted. Usually tickets are only deleted in the case of duplicate requests or spam email. For technical reasons a ticket is never erased from the database, it just has the Dead status.
 
 
Sites will sometimes have their own interpretation of each status.





 



Users


Every person or program that interacts with RT has a username and is therefore a user. A user has attributes stored against their username. There is only one type of user, but the attributes means that users have very different capabilities within the RT system.

Examples of attributes used to differentiate users are:


Ticket privileges, where a user has the ability to perform a certain action to tickets such as create or delete
Group memberships, where a user shares attributes with other users
Unix username, which gives the user the right to use RT from the Unix commandline interface




Sometimes it looks like someone can interact with RT without having a username. As you'll find out elsewhere in this documentation, this is not correct.








Attributes


Some attribute information is stored for every user.





 Name. This is the username that all activity is logged by. It need not correspond to a username in any other system at all, although it can do either via the external authentication scheme or via the Gecos Unix Username attribute.

 Password. This can be null, although of course it is normally bad policy to do so.

 Gecos (Unix Username). If this is not set then the user cannot log in via RT's commandline tool, which uses the unix username for authentication.





 





Privileged Users


Privileged users are users who can be granted rights and responsibilities. Typically they are the staff of the organisation using RT but that entirely depends how your organisation is structured. For example, you can easily create privileged users with minimal privileges to allow your customers to contribute to tickets about a certain topic.






 





Nonprivileged Users


These users can not be granted rights or responsibilites (except as
members of pseudogroups. These users can not access the 
normal RT web interface. When they access the web interface, they
are immediately shunted to RT's "SelfService" interface for requestors.



When email is submitted to RT's email gateway from an unknown email
address, RT will automatically create a Nonprivileged user with a name derived from the email address. RT will assign the ticket to the special nonprivileged user nobody. The newly-created Nonprivileged user is required in order for RT to function (eg to track correspondance) and has nothing to do with ticket ownership, queue privileges or anything else. It is a very good idea to put RT behind a spam filter such as Spamassasian.



It is not currently possible to force tickets that are automatically created like this to be owned by a particular user.





 


 



Queue


A queue contains tickets generally of a similar nature, for example, a technical support queue. Queues are an administrative unit with their own privileges, scrip actions, templates and keywords. Each ticket can only be associated with one queue.



Multiple queues may be set up, and each will have its own email address. So you might have a queue called noc@example.com which is monitored by technical staff, and billing@example.com which is used by accounts staff. Tickets may be moved between queues, so a tech could pass a ticket onto the accounts department once work has completed.



Queues can be configured differently, so the noc queue may issue an autoresponse when a ticket is created, whereas the accounts queue might be configured to prevent internal correspondance being sent to the requestor.






 



Groups


Groups are logical collections of usernames. In general, if an RT operation can be performed on a single user it can be performed on a group as well. 



This is particularly useful when dealing with permissions and ACLs. So for example it often makes sense to give a particular group read-only access to a certain queue rather than the many members of that group. Removing a username from the group causes all privileges granted via that group membership to be revoked.








Normal Groups


These consists of collections of usernames.






 





Pseudogroups


These are special collections of usernames, and contain some special usernames. These come configured by default. Pseudogroups cannot be created by an Administrator, they are built in to RT. Some memberships in pseudogroups can be changed, however. 

A list of the pseudogroups is:



 











 


 



Watchers




Watchers are (essentially) people that get email about tickets.
Watchers can be added globally (all queues), per-queue, or per-ticket.
Right now, watchers can only be individual users, not groups. I expect
this to change.



There are three sorts of watchers, as follows.









Types of Watchers


There are three types of watchers.








Requestors


Requestors are people making the request which ended up in a particular queue by some means. The requestor does not own a ticket because they made the request (and in most installations the requestor cannot own a ticket), but the requestor usually does get at least some correspondance via email, for example an automated reply via the AutoReply scrip.



Requestors traditionally see only correspondence, however since RT knows about some kinds of users (either because they are RT users, or because RT does a matching between email address and RT username) a requestor may also be someone with privileges to do things to the ticket.





 





Ccs


Ccs are people other than the Requestor who need to see email traffic relating to the ticket (exactly what traffic depends on the scripactions that have been set up.) The thing distinguishing a Cc is that while they receive this email they do not necessarily have privileges to do anything in the RT system. Any email address anywhere on the Internet can be in the Cc list.





 





AdminCc


An AdminCc is just like a Cc, except that the recipient is someone with privileges to do things in RT. Often this may be used so that AdminCcs get to see more details about ticket activity, however this is not necessarily so (for example, some queue administrators might not wish to be burdened with a lot of email.) 



The only people that can be added as a AdminCcs for a queue are those with permissions to administer tickets in that queue.





 


 





Watcher Scopes











Queue








 





Ticket








 


 


 



Keywords


Keywords are tags specific to your organisation that are presented to queue administrators for their use in classifying tickets. The definition and use of keywords is entirely site-specific. Keywords are definied in a hierachical tree. 



Keywords can be used for searching and reporting, and as trigger values in Scrips. This Administration Guide has an extensive section on keywords which includes a tutorial.





 
 



Access Control (ACLs)



rt2 includes a rich acl scheme which supports granting rights to users and groups for a given queue or for the entire RT instance.


rights can be granted to:
        a specific user who has the privileged flag set and doesn't have the disabled flag set
        a specific locally defined group
        one of several 'pseudogroups': 
                everyone, requestor, cc, admincc, owner



Rights granted to an individual user are granted to that user and only that user

Rights granted to a locally defined group will be made available to all members
of that group, so long as they remain members of the group.

rights granted to the pseudo-group 'everyone' will be granted to all users.

Rights granted to any of the following pseudo-groups will be dynamically 
granted to users based on the current ticket being dealt with:
        requestor, cc, admincc, owner.
        






Description of Rights


Rights can be granted to users and groups to define what the user is allowed to do and change in RT. Rights can apply to the whole of RT and all the queues (global) or can apply to a single specific queue. Rights can be granted to individual users and to defined groups of users.

Rights can also be assigned to pseudogroups that define users in a context. The pseudogroups are "Everyone" (all the users on the system), "Requestor" (users that are requestor in the context of the current ticket), "Cc" (users that are Cc , either direct by the ticket or defined in the queue, of the  selected ticket) and "AdminCc" (users that are Administrative Cc to the ticket or the ticket's queue).

The effective rights of a user are the combination of the global personal right, the combined global rights of the groups the user is in, the rights of the user and all the groups that the user is in to the currently selected queue and the rights the user gets through the pseudogroups.

A description of all the rights that users and groups can be assigned in RT  follows:

AdminGroups (global only)
Users with this right are allowed to create new groups, modify the name and
description of the group and add and remove registered users to and from
the group.

 AdminKeywordSelects (global and queue)


Users with the AdminKeywordSelects should be able to add, delete and modify
keyword selections for a specific queue (or all queues if this right is set
globally).


 AdminKeywords (global only)

Users with the AdminKeywords rights can add, modify and delete keywords.
Keywords are global to RT.

AdminQueue (global and queue)


Users with the AdminQueue right can change can change anything on the queue 'basics' screen.  They can create queues (if granted the right globally)
They can "disable" a queue. Which means that no new tickets can be created
in the queue.

 AdminUsers (global only)

Users with this right are allowed to add and modify users.
All privileged users are allowed to browse all the registered users.


 CommentOnTicket (global and queue)

Users with the CommentOnTicket right are allowed to add comments to
tickets. When this right is global a user can add comments to all the
tickets in RT otherwise the user is only allowed to comment on tickets in
the specified queue.

CreateTicket (global and queue)

Users with the CreateTicket right can create requests in the specified
queue or in all the queues if global is selected.


 ModifyACL (global and queue)

If a user has the ModifyACL right he/she can change the rights different
users and groups can be assigned regarding queues. If the ModifyACL right
was granted globally the user can change all the ACLs in RT, including the
global ones (including granting him/herself SuperUser privileges).
ModifyACL does strange things without ShowACL.


ModifyQueueWatchers (global and queue)

This rights enables a user to register and remove other users as watchers
(Cc and AdminCc) to a queue. If this right is assigned globally the user
can modify watcher settings of all the queues.

 ModifyScrips (global and queue)
This right allows a user to add and delete scrips from a queue of, if the
right is granted globally, change the global default scrips.

 ModifySelf (global only)

This allows the user to change his/her personal settings.
The following fields are now only modifiable by folks with "AdminUsers"
permission:

Organization, Disabled, Privileged, Name, ExternalContactInfoId,
ContactInfoSystem, ExternalAuthId, AuthSystem, Gecos

The basic philosophy behind the decision about what to limit editing to
is that the user should be free to modify their own contact
info, but should not be able to modify RT username or fields that could effect
ACLs. (Organization is something that folks may be keying external lookups off. I could probably be convinced to make this 'open')






ModifyTemplate (global and queue)

The user is allowed to modify the templates. If this right is granted
globally the user may modify the global templates and the templates for all
the queues.
>

ModifyTicket (global and queue)

The user is allowed to modify the ticket. Modifying the ticket includes
changing the subject, status, time worked, time left,
priorities. ticket dates, keyword values, owner (to users that are allowed to
own the ticket?), requestor and watchers and relationships with other
tickets. The user can also comment and correspond on tickets.


OwnTicket (global and queue)

Only users that have the OwnTicket right can be owners of a ticket. This
right can be granted globally or per queue.


ReplyToTicket (global and queue)


User with a ReplyToTicket right can add replies to a ticket.



SeeQueue (global and queue)

This right right allows the user to see that a given queue (or all queues)
exists

ShowACL (global and queue)


This allows the user to view the currently active ACLs (rights granted to
users and groups). When this rights is applies globally the user is allowed
to view all system ACLS


ShowScrips (global and queue)

   Users with this right are allowed to view scrips.


ShowTemplate (global and queue)

Users with this right are allowed to view the mail templates.


ShowTicket (global and queue)


Users with this right are allowed to display the ticket.


ShowTicketComments (global and queue)

Users are allowed to view the comments entered with tickets.

SuperUser (global only)
A SuperUser is allowed to do anything.

Watch (global and queue)
The user is allowed to sign up to "watch" this queue or tickets in this queue
as a cc or a requestor. The user is also allowed to stop watching tickets
in this queue.  Think of this as AdminWatchers, but only for oneself as
requestor or CC.



WatchAsAdminCc (global and queue)
Like Watch, but only as an Admin






 
 



Scrips


RT 2.0 includes a powerful system for implementing local business logic, called 'Scrips'.  (The 'Scrips' system is a combination of a 'script' system and a 'subscription' system).



With RT 1.0, the requestors of a ticket were automatically emailed

on any correspondence that RT couldn't determine came from them.

RT 2.0 allows each site to control this and many other behaviors at the queue

level.  Through the scrips mechanism, RT 2.0 allows local administrators to define what actions should be taken on each transaction.  



Scrips can be defined per-queue and system-wide. 

Each scrip is composed of a Condition, an Action and a Template.



For 2.0 there isn't an exposed user interface for defining new actions and

conditions, though the programming API is simple and well defined.










Conditions




Conditions are things like:

    OnCorrespond
        OnComment
    OnCreate
    OnStall
    OnResolve
    OnTransaction






 



Actions


Actions include things like:

    NotifyRequestorsAsCorrespondence
    NotifyCcsAsCorrespondence
    NotifyAdminCcsAsCorrespondence
    NotifyAllWatchersAsCorrespondence
    NotifyRequestorsAsComment
    NotifyCcsAsComment
    NotifyAdminCcsAsComment
    NotifyAllWatchersAsComment

Note: Notify scrips do not send mail to the user performing the action.






 



Templates




There are a bunch of predefined system-wide templates like:





    
  Autoreply

    
  Transaction

    
  Correspondence

    
  Comment



        Additionally, RT allows local RT administrators to define new

        system-wide tempaltes and allows queue administrators

        to define per-queue templates.  



        Templates can optionally have RFC822 headers which will be appended

        to an outgoing mail message.  If a template has such headers, it

        B contain 2 newlines seperating the message body from the headers.







 
 



Relationships


RT2 has the concept of arbitary relationships that link two (or more)
tickets together.  A ticket can have multiple relationships with 
multiple tickets.


Depends on / Depended on By
A ticket can depend on another ticket.  The normal usage is when
a given project (ticket) cannot be completed until another project
(ticket) has been completed.
Parent / Child, Children
A given project (ticket) can be a sub-project of another, larger
project (ticket).  This also has some of the implications of 
Depends on/Depended on by, but the focus is on a vertical, rather than horizontal dependency.
Refers to / Referred to by
This is primarily for documentation purposes.  A given ticket can
contain the interesting/useful information that doesn't need to be
repeated in another ticket.





 
 



Backup and Restoration


The RT system is primarily database driven.  To backup your working
RT installation, it is suggested that you first understand the pitfalls
behind backup and restoration of a relational database.  The MySQL chaps have written an excellent guide, with specifics.  This 
states in parts:

 
The key to safe database management is taking regular backups. To take a 'binary' backup of your database you have to do the following:

    * Shut down your MySQL database and make sure it shuts down without errors.
    * Copy all your data files into a safe place.
    * Copy all your log files to a safe place.
    * Copy your `my.cnf' configuration file(s) to a safe place.
    * Copy all the `.frm' files for your InnoDB tables into a safe place.


A script to perform a backup of RT exists for RT 1.0.x in the
contrib directory right here, but you do want to read the README first.


TODO - Verify suggestions from rt-users for RT 2.0.x, also clarify restoration procedures  - bc.





 



Email






 



Administrative Procedures









Creating a user









with the CLI








 



with the web interface








 
 



Creating a queue






 



Granting users rights to access a queue




        To allow any user to create a ticket in any queue, grant the right
'CreateTicket' to the Pseudogroup 'Everyone' globally.

        To allow any user to create a ticket in the queue 'general', grant
the right 'CreateTicket' to the pseudogroup 'Everyone' for the queue 'general'

        To allow anyone to send in an email update to a ticket in the queue 'general', grant the rights 'ReplyToTicket' and 'CommentOnTicket' to the pseudogroup 'Everyone for the queue 'general'







 



Using scrips to notify users of changes to tickets in a queue






 
 



Keywords





RT2 has a very
useful new feature, called keywords, for tracking
characteristics of tickets.  Keywords allow you to assign any sort of
tracking metrics you want to tickets in your queues.  For instance,
you could track job applications by geographic region in order to
determine where you should locate new offices; or you could add a
"severity" level to tickets in order to help you prioritize your work.
Once keywords are added, they become part of the ticket display, and
you can use them as restrictions in a ticket search.



Another important use for keywords is reporting. A common requirement is 
a regular report that includes a brief summary of the tickets
that have been closed recently. Keywords can save a lot of time in doing
this without requiring the workers to write detailed explanations. Just assign
a keyword category such as "Reason for Closure" and the report can be mostly
constructed from a normal RT search screen.

Keywords are very easy to add to your RT
installation -- they can be added completely through the Web
interface.  There are two basic steps to adding keywords to RT:


  
Create a set of keywords that you want to
      track; and
  
Add your keywords to all queues, or to one or
      more individual queues.


This tutorial will teach you how to add a "Progress" keyword
selection to a job application tracking queue.  This keyword will
allow you to track how far along each candidate is in the review
process.  Using this example you can add any keywords appropriate for
your uses to your site's RT configuration.






Creating a Set of Keywords


The first step in using keyword selections is to
set up a set of keywords that will be useful to you.  A "keyword" is
either any individual ticket characteristic (such as an urgency level
like "Critical"), or a category of individual keywords (such as
"Urgency").  In planning your keywords, take a look at the example
job-applicant keyword selection to the right, and use it as a model.
This example shows one keyword selection, with a category named
"Progress," and six individual keywords in that category (of which
five are shown in the graphic) named "1. Requested interview,"
"2. Interviewed once," and so on.

Internally, RT does not make a distinction between categories and
individual keywords -- all keywords are stored in one "tree" structure
(just like a filesystem with a root directory and subdirectories).
Any keyword can contain other keywords.  This fact can be helpful in
organizing keywords for easy administration.

In our example, we want to create a keyword selection to track
candidate review progress for a queue named 'jobs'.  Since this
keyword selection applies only to the jobs queue, and no other queue
on our system, we'll create a top-level keyword called Jobs.
This is not required -- you could put the Progress keyword at
the top level -- but doing this will allow us to keep ourselves
organized by grouping any keywords specific to the 'jobs' queue
together.  Inside Jobs, we'll create a subcategory called
Progress, which is our category keyword.  Then, inside
Progress, we will create one keyword for each of the selections
we want to appear in the form.  Our plan, then, is to create the
following keyword structure:


  
Jobs
      

        
Progress
            

              
1: Requested interview
              
2: Interviewed once
              
3: Interviewed more than once
              
4: Offer made
              
5: Hired
              
6: Offer rejected
            
      


One thing to note is that when RT displays keyword selections on a
ticket, it sorts them alphabetically.  If you would like to have your
selections appear in a specified, non-alphabetic order, it is helpful
to add a sequential number or letter to the front of each individual
keyword.  In our example, our interviewing process has several steps
that need to follow each other, so we've added "1:", "2:", etc. to the
beginning of each step.


Now that we've planned out our keywords, we can add them to RT.
While logged into our RT system as a SuperUser (for instance, using
the "Administrator" account), first select [Configuration], and
then within configuration, select [Keywords].  The keywords
administration page shows a list of existing top-level keywords
(probably empty at this point), and then a field for adding a new
keyword.  Following our plan above, type "Jobs" into the entry field
and hit the "Add" button.  The result should look like this:



Once this is done, we then want to create keywords within the Jobs
keyword.  To do this, first click on the word "Jobs" (not the "edit"
next to "Jobs" -- edit only changes the name of the "Jobs" keyword --
but instead the word "Jobs" itself), and then use the
text field to add the "Progress" keyword.  Then click on "Progress"
and add each of the individual keywords planned out above.  When all
of the keywords have been added, the result appears as follows:



(In the image above, the numbers "16", "17" and so on may be
different on your system -- don't worry about that.  These numbers are
RT's internal id's for each keyword, and they do not affect your
configuration.)

We have now added all the keywords we need to the system.  As of
right now, these keywords do not appear in any of our tickets, because
they have not been added to the queue configuration.  What we have
done so far is make RT aware of the keywords -- now we need to
associate our keywords with our "jobs" queue.





 



Adding a keyword selection to a queue


Once we have entered keywords into RT, we then need to specify
Keyword Selections, which are sets of keywords available for
selection on a ticket.  To do this, we need to choose a selection
model (single or multiple), a selection depth, and which queue or
queues will use the keyword selection.  Each choice is described
below.

A keyword selection is represented in the RT
interface as one form selection field -- a list of items that a user
may select.  Our example keyword selection is pictured at right.
There are two varities of keyword selection: Single selection
and Multiple selection.  In single selection, a user may select
any one keyword in the list, but not more than one.  In our example,
we use a single selection since each step in the interview process is
distinct.  In a multiple selection, a user may choose one or more
keywords in the selection list (usually by holding down the "Control"
key while selecting each keyword).  For instance, if you had a keyword
category called "Ways to contact" containing the individual keywords
"Email," "Phone," "Fax," and "Pager," you might want to allow multiple
selection to include several contact methods.

A keyword selection's depth represents how many levels down in the
keyword tree the selection should include.  A keyword selection starts
at what we've been calling the category keyword -- in our example,
"Progress."  This keyword can contain other keywords, which themselves
might contain keywords.  As an example, let's say you wanted to change
our keyword tree to look like this:


  
Jobs
      

        
Progress
            

              
1: Requested interview
              
2: Interviewed once
              
3: Interviewed more than once
                  

                    
3a: Manager interviewed
                    
3b: Peer interviewed
                    
3c: CEO interviewed
                  
              
4: Offer made
              
5: Hired
              
6: Offer rejected
            
      


In this case, if we used "Progress" as our category keyword, and
set a depth of "1," the 3a, 3b, and 3c steps would not be
included in the selection field -- they are two levels deep, so they
would not meet the depth requirement.  If instead we used a depth of
"2" or more, steps 3a, 3b, and 3c would be included in the
selection field.  Another way to include these steps would be to use a
depth "0," which includes all keywords under "Progress," no
matter how deep they are.

Next, we can use the keyword selection in two ways: either we can
add a keyword selection to a single queue, or we can add a keyword
selection to all queues at once.  For our example, our keyword
selection is specific to the 'jobs' queue, so we will add it to that
queue's configuration only.  To do this, we first choose
[Configuration], then [Queues], and then select the
'jobs' queue.  If we had a general keyword selection we wanted to
apply to all of our queues (for instance, "Requestor satisfaction:
Happy, Okay, Unhappy, Unknown") we would instead choose
[Configuration] and then [Global].



Once we have selected the queue to modify (or chosen "Global"), the
next step is to click [Keyword Selections].  Doing this will
bring up a form with which we can add a keyword selection to a queue.
The form uses four fields to configure the keyword selection.  The
first field is the label that will be put above the selection form
field.  In our example above, we used the label "Progress."  (Note that
the label does not need to be a keyword itself -- the label can be any
text you want to use.)  Next, choose between Single and Multiple
selection models, as described above.  We are using "Single" selection
in our example.  Next, choose your category keyword from the
pop-up list of keywords.  This is the keyword that contains the
selections you want to appear in the form.  For our example, we choose
"Jobs/Progress".  Finally, choose the selection depth for the keyword
selection.  We enter '0', which is interpreted as "unlimited depth
beneath the category keyword."  Once these selections are made, hit
the submit button, and the following form should appear:



Your keywords are now enabled.  Go to the 'jobs' queue and open a
ticket, then click on "Keyword Selections."  You should see the
"Progress" keyword selection, and it should contain the six progress
steps entered above, plus the keyword "(empty)," which indicates that
no keyword selection has been made for this ticket.

Once you have entered some keyword selections, go to the search
form and search for the queue 'jobs'.  At the bottom of your results
page, you will see that the 'Progress' keyword is now included as a
search restriction, so you can use the progress step as a term in
searches.  (If you associate a keyword with a queue, the keyword
search form will only appear on searches within that queue.  Global
keyword selections will appear on all search forms.)



Hopefully this tutorial will help you get the most out of keywords
in RT.  Keywords can be an enormous help in adding order and
searchability to a large set of tickets.  If you come up with creative
uses for keywords, send them in to <rt-users@lists.fsck.com>
and let us know what they are!




 



Sample Keyword Tree for IT Support




Since many people use RT for IT support desks the following example is
included to illustrate how keywords can be applied, adapted from one in
use by Rich Lafferty of Ottawa, Canada.

Support staff are trained to always set the keywords on a ticket, even
if they don't have time to write a lot in the notes. This way basic 
sorting and reporting can always be done, giving an idea how time has been
spent and what kinds of requests are arising.

There are two main queues, sysadmin and support, with different
keywords available to a ticket in each. Here are some highlights of 
this tree design:



 The keyword 'Closure reason' saves large amounts of time when compiling
reports on RT activity. For summary purposes there is no longer any need to
plough through the ticket notes. For example, doing a search on the Closure Reason
keyword for 'Done - tranferred responsibility' gives an indication of how often
problems are being fielded that actually belong to some other area.

 The idea of reactive tickets(those that arose through the user getting a surprise, eg a hardware
failure) and planned tickets (where the user is making contact because he
wants somwething to change, eg buying a new computer.)

 Knowledgebase. Articles that have this set to "required" will 
show up in a regular search, and something can then be written for
the Knowledgebase from the ticket notes. This keyword can then be
set to "article written", so it doesn't turn up again.





(root)
  global
  queue
    sysadmin
      closure reason
        Done
        Transferred responsibility elsewhere
        Won't do - not reasonably fixable
        Won't do - not our fault
        Won't do - can't reproduce
      ticket classification
         reactive
          System fault
          User problem
         planned
          New feature request
          Purchase - software
          Purchase - hardware
          Inhouse app1 - user issue
          Inhouse app1 - hardware
          Inhouse app1 - software
        other
    support
      ticket classification
        bug
        handholding / user understanding
        documentation problem
        new feature request
        customization
        billing inquiry
        flat-rate account
      closure reason
        Done
        No support
        Inappropriate
        Bug raised
        Timeout
      Software-version
        5.5, 6000R2
        5.1.2
        5.1.1, 6000R1
        5.0
        4.1.2
        4.1 or prior
      taxonomy
        Server
          Hardware
          Hardware
          Internet connection
          DNS
          Installation - initial configuration
          Local networking
          Users - Groups - Directories
          Fileserver - I-Bays
          Mail
          Webserver
          Proxy
          Printing
          Backup
          Remote Access
          Security
          Customization
          Housekeeping
        ServiceLink
          Partner Zone
          Sync
          Guaranteed Email
          DNS Hosting
          Virus Protection
          VPN
        Blades
          Updates
          Mp3 Jukebox
      knowledge base
        Article Written
        Needs Article





 
 



Performance Tuning




RT can be quite sensitive to bottlenecks and poor optimisation choices, particularly if the number queues is high (for example, greater than 50) or the total number of tickets is large (for example, greater than 100k). Exactly what is 'large' for you depends on many factors. (Someone reported to the rt-users mailing list that they had an installation of WebRT on a Pentium 100 running FreeBSD, so this site would have a very small value for 'large' :-)



A very simple thing to check is the version of RT you are running. If you are well out of date in the current stable series then you should consider upgrading. Upgrading is usually not too painful a job and there are regular improvements in RT's performance gained through better coding.






Database Optimisation


Database tuning is very important. If all your RT tables are indexed correctly, and if transactions are working properly, and whatever regular maintenance your database requires is being carried out then there is a much better chance that RT will run smoothly.






Postgresql




 Version. You should have checked this long ago, but RT is not expected to work with versions of Postgresql less than 7.1.1, or  7.3.0 or higher. It will, after a fashion, but don't be surprised if it doesn't run well.

 Optimisation via queries. This is done using VACUUM, ANALYZE and CLUSTER. VACUUM and CLUSTER change the organisation of rows on the physical media, getting rid of information the database no longer needs.



 Postgresql buffer optimisation. Make sure you have sufficient buffers allocated to your server to contain all of the more static tables (keywords, scripactions, etc.) and some reasonable number of rows from the dynamic tables (tickets, attachments, transactions, etc.). Some moderately intense users find that one week's worth of dynamic table rows does a good job.


 Logging. Turn it down! If you have verbose logging turned up (as you may for testing) you can cause up to four separate writes per interface click.

 Hardware optimisation. Most of this concerns general principles that are common to all RDBMS, however there is a very thorough hardware optimisation document for Postgres by Bruce Momjam at 
http://www.postgresql.org/docs/momjian/hw_performance.pdf







 



MySQL








 
 



Operating System and Environment


The faster your Unix, the faster RT may run (see the other parts of the Performance Tuning section for other factors that contribute to RT speed.) So make sure that your Unix is running well. Use vmstat and iostat (or the equivalents for your OS) to keep an eye on system performance. You'll find a tool such as Netsaint at http://netsaint.org invaluable for keeping ongoing records of key system performance indicators at regular intervals. It even has pretty graphs.



RT needs a responsive Apache/Perl webserver installation. This requires matching to your hardware requirements. If you have a small server, look at tuning Apache with the start servers and spare servers command. If you have large amounts of memory and you're getting lots of simultaneous incoming requests, increase the number of waiting servers.



Watch your logging. Apache and mod_perl can both do a lot of logging if you turn it on, enough to significantly affect performance. If many of your connections are from the Internet you may wish to turn off reverse DNS mapping in Apache.

 If you think you are running tight on resources, have a look at what other services are running. Maybe you don't need them. If this is a critical server and it is heavily loaded, perhaps you need to split the web/perl server out from the database server, because they have different optimisati