![]() |
This page explains how to install ]project-open[ V5.1 on RHEL/CentOS 8 64bit. Please see the discussion thread https://sourceforge.net/p/project-open/discussion/295937/thread/4b705d885c/ on SourceForge.
Installing ]po[ requires not only Linux expertise but also some time. As a shortcut, you can use our CentOS 8 virtual machine on http://sourceforge.net/projects/project-open/files/project-open/V5.1/ . This virtual machine has been built using the instructions below and has been exhaustively tested.
Please help us to improve below instructions. To report any bugs please use the SF Community forum . To get professional support please contact us .
Please download "CentOS-8.2.2004-x86_64-dvd1.iso" or higher and install with the option "Server with GUI".
After a reboot, login as root and configure the network if you haven't done this before already:
To verify network connectivity try to ping some external server, for example:
ping www.google.com
Execute as root:
yum -y install epel-release yum -y install dnf-plugins-core yum -y config-manager --set-enabled PowerTools
When running CentOS as a VMware virtual machine please install the VMware guest tools:
Execute as root:
yum -y install open-vm-tools
For personal taste, I tend to install "Dash to Panel":
With Firefox in CentOS 8 navigate to https://extensions.gnome.org/extension/1160/dash-to-panel/ , enable/install the Firefox Gnome extension and switch on the blue button on the top right.
As an alternative, go to CentOS 8 Settings and choose: Software -> All -> Search -> "Dash to Panel". Then click on "Extension Settings" to review. I usually set Style -> Panel Size to 32.
]po[ will need a number of tools for creating systems integration interfaces.
yum -y group install "Development Tools" --setopt=group_package_types=mandatory,default,optional yum -y group install "System Tools" yum -y install vim emacs-nox yum -y install cvs svn git wget libXaw expat expat-devel pango graphviz yum -y install openldap-clients openldap-devel mlocate psmisc
]po[ uses Perl for integration with several external applications:
yum -y install perl perl-Archive-Tar perl-Archive-Zip perl-CGI yum -y install perl-CPAN perl-CPAN-Meta perl-CPAN-Meta-Requirements perl-CPAN-Meta-YAML yum -y install perl-Carp perl-Compress-Raw-Bzip2 perl-Crypt-OpenSSL-RSA yum -y install perl-Crypt-OpenSSL-Random perl-DBD-Pg yum -y install perl-DBI perl-Data-Dumper perl-Digest-MD5 yum -y install perl-Encode perl-File-Slurp perl-GSSAPI perl-IO-Socket-IP perl-IO-Socket-SSL yum -y install perl-JSON perl-LWP-MediaTypes perl-LWP-Protocol-https perl-Net-DNS yum -y install perl-Net-HTTP perl-Net-SSLeay perl-Params-Check perl-Params-Util yum -y install perl-Socket perl-TimeDate perl-YAML perl-core perl-devel yum -y install perl-libs perl-libwww-perl rrdtool-perl perl-YAML
]po[ PDF generation functions use OpenOffice "headless" in order to convert ODT templates to PDF::
yum -y install libreoffice-headless
At the time of writing (2020-11-10) there are issues with SELinux blocking certain operations of ]po[.
Previous versions of ]po[ were able to work together with SELinux, so this is probably a temporary issue.
To disable SELinux please edit the /etc/selinux/config as root and set:
SELINUX=disabled
You need to reboot your system with "reboot".
We won't need the virtualization features, so we can disable it:
systemctl stop libvirtd systemctl disable libvirtd
You need to reboot your system with "reboot" in order to activate the change.
We want to add a ]po[ logo to the CentOS 8 background. Create modified versions of the PNG files referenced in /usr/share/backgrounds/c8/default-hue-6.xml and save them in /usr/share/backgrounds/po/. Here is a tar with the po-background.tgz modified images and here is how the <file> section of default-hue-6.xml should look like afterwards:
<file> <!-- Wide 16:9 --> <size width="1920" height="1080">/usr/share/backgrounds/po/po-tv-wide.png</size> <!-- Wide 16:10 --> <size width="1920" height="1200">/usr/share/backgrounds/po/po-wide.png</size> <!-- Standard 4:3 --> <size width="2048" height="1536">/usr/share/backgrounds/po/po-standard.png</size> <!-- Normalish 5:4 --> <size width="1280" height="1024">/usr/share/backgrounds/po/po-normalish.png</size> </file>
As user "root", please create a new group and user "projop":
mkdir /web groupadd projop useradd -m -g projop -d /web/projop/ projop
Include the user "projop" in group "wheel" in order to allow projop to become root via "sudo su -": Edit /etc/group and add the user "projop" in the line with group "wheel":
wheel:x:10:projop
Edit /etc/profile to add a few personal shortcuts:
alias "l=ls -als" export EDITOR=emacs
Edit /web/projop/.bashrc and add the following lines:
alias "l=ls -als" export EDITOR=emacs
# Include the hostname (project-open-v51 by default) in /etc/hosts as localhost or with it's fixed IP (if it has a fixed IP...):
127.0.0.1 localhost project-open-v51
Please login as user "projop" and download the installer-linux GIT repo:
su - projop git clone https://gitlab.project-open.net/project-open/installer-linux.git cd ~/installer-linux mv * ../ mv .ba* ../ mv .gi* ../ mv .pg* ../ cd ~ rmdir installer-linux
]project-open[ consists of >200 "packages" that reside in the ~/packages/ folder. Please execute as user "projop":
su - projop cd ~/packages bash ~/bin/git-clone-vanilla
The git-clone-vanilla.sh will use GIT to clone about 120 standard packages that together make up the ]project-open[ product.
As user "root" copy the NaviServer from the installer in ~projop/ns/ to /usr/local/ns/:
su - cd /usr/local mv ~projop/ns . chown -R root:root /usr/local/ns
PostgreSQL 10 is part of CentOS 8.2. Please only use 10.x (with x >= 15). Other versions of PostgreSQL will produce errors.
Please install the database as user "root" using:
yum -y install postgresql postgresql-server postgresql-contrib postgresql-devel postgresql-odbc postgresql-docs
Initialize and start the database:
/usr/bin/postgresql-setup --initdb --unit postgresql systemctl start postgresql
Configure PostgreSQL startup:
systemctl enable postgresql
Create a new database user "projop" and the corresponding database:
su - postgres -c "createuser -s projop" # new database user "projop" with admin rights su - postgres -c "createdb --encoding=utf8 --owner=projop projop" # new database
You can verify your PostgreSQL installation by typing:
su - projop -c psql
Enter "\q" or press Ctrl-D to exit.
Now import the database dump as user "projop"
su - projop gzip -d ~/pg_dump.vanilla.sql.gz psql -f ~/pg_dump.vanilla.sql > import.log 2>&1
The import can take up to a few minutes, depending on your system. Please ignore the ~3.500 error messaging showing up at the beginning (that's because the dump contains instructions to drop any data that's left in the DB...). You can also ignore any error messages containing a "$libdir/tsearch2". In order to verify the import please execute:
su - projop psql -c "select count(*) from users;"
.. which should return "197".
Optional: PostgreSQL Performance Optimization: Edit the "postgresql.conf" configuration file in /var/lib/pgsql/data/ as user "postgres":
You need to restart the database as root in order to activate changes:
su - systemctl restart postgresql
Please modify ~/etc/config.tcl as user "projop" and check/modify the following parameters:
set httpport 8000 set hostname "project-open.yourdomain.com" set servername "\]project-open\[ V5.1 for YourCompany"
You can also modify the http port if you know what you are doing. Please note that the port number has to be above 1024 for permission reasons.
The firewall is enabled by default in CentOS 7, so we will have to punch holes for the ]project-open[ ports 80, 443 and 8000 graphically using system-config-firewall-tui or manually:
su - firewall-cmd --add-port=80/tcp --permanent firewall-cmd --add-port=443/tcp --permanent firewall-cmd --add-port=8000/tcp --permanent firewall-cmd --reload
Port 8000 is the direct access to the NaviServer. This port is normally not exposed directly to the user, but only via a reverse proxy. So opening this port is optional, but may be interesting if you are running a reverse proxy (NGINX, Pound) on a different system (Web application firewall, ...) that exposes the service to the end user.
As user "root":
/usr/local/ns/bin/nsd -f -t /web/projop/etc/config.tcl -u projop -g projop
]po[ should take a few seconds before the line appears "[...] Notice: nssock: listening on 0.0.0.0:8000".
As a result, you should be able to see 8000 in the list of ports accepting connections:
netstat -nlp | grep 8000
Please point your favorite Web browser to http://localhost:8000/ and login as "sysadmin@tigerpond.com" / "system". You should see a login page (default admin: "sysadmin@tigerpond.com" / "system") or a configuration wizard. Please do not continue here at the moment, because we still need to fix several issues before ]po[ will run as desired.
You can stop the ]po[ server in the terminal window using Ctrl-C.
Congratulations, great job!
We now have to automate the startup of NaviServer (the application server of ]project-open[) for production use:
Create a new file /usr/lib/systemd/system/po@.service with the following content:
[Unit] Description=Project Open as user %I After=postgresql.service network.target Wants=postgresql.service [Service] Type=forking PIDFile=/web/%i/log/nsd.pid ExecStartPre=/usr/bin/rm -f /web/%i/log/nsd.pid ExecStart=/usr/local/ns/bin/nsd -t /web/%i/etc/config.tcl -u %i -g %i & ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s 9 $MAINPID Restart=always KillMode=process [Install] WantedBy=multi-user.target
Please execute the following commands in order to activate the configuration:
systemctl daemon-reload systemctl enable po@projop systemctl start po@projop
You can check if NaviServer is running by monitoring it's error file (debugging is switched on by default):
tail -f /web/projop/log/error.log
]project-open[ by default listens on port 8000. We install NGINX as a reverse proxy to listen on ports 80 and 443, handle SSL and redirect to port 8000. Ngnix is also convenient if you want to run more then one ]po[ on your machine, allowing to route requests to multiple back-ends.
In order to install nginx we need to enable the "epel" repositories with experimental software for CentOS:
yum -y install epel-release yum -y install nginx
Please paste the following into /etc/nginx/nginx.conf (remove any existing "server" configuration):
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; types_hash_max_size 2048; default_type application/octet-stream; include /etc/nginx/mime.types; include /etc/nginx/conf.d/*.conf; # Increase timeout for slow pages to 10 minutes keepalive_timeout 601; proxy_send_timeout 601; proxy_read_timeout 601; fastcgi_send_timeout 601; fastcgi_read_timeout 601; }
Add a drop-in for your server in /etc/nginx/conf.d/projop.conf:
server { listen 80 default_server; listen 443 ssl default_server; # Uncomment in order to respond only to one specific server name: # server_name project-open.*; # Redirect to back-end server via HTTP location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header Host $host; client_max_body_size 1024M; } # RSA certificate ssl_certificate /etc/nginx/certificates/fullchain.pem; ssl_certificate_key /etc/nginx/certificates/privkey.pem; # Handle errors error_page 500 502 503 504 /err/50x.html; error_page 404 /err/404.html; location /err/ { root /etc/nginx/html; } location /.well-known/ { root /etc/nginx/html; } rewrite_log on; # Redirect non-HTTPS traffic to HTTPS if ($scheme != "https") { return 301 https://$host$request_uri; } }
Create a self-signed certificate (you may later replace this by a certificate from Let's Encrypt or similar):
mkdir /etc/nginx/certificates openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/certificates/privkey.pem -out /etc/nginx/certificates/fullchain.pem
Now OpenSSL will ask you about the data of the certificate. Here we will use the following example for a certificate supposed to be for ]project-open[ Business Solutions, S.L.:
Start NGINX and configure to automatically startup:
systemctl enable nginx systemctl start nginx
You should now see nginx listening on ports 80 and 443:
netstat -nlp | grep 80 netstat -nlp | grep 443
Let's Encrypt provides you with free SSL certificates, if your ]po[ server is directly accessible from the Internet.
]po[ is designed to work directly in the Internet, and even large corporations use ]po[ this way. However, such a configuration requires a support contract in order to keep ]po[ updated if security issues appear.
Install certbot:
yum -y install python3-certbot-nginx
The following line should be sufficient If your server is accessible from the Internet:
certbot --nginx -d project-open.your-domain.com
For more options please see the certbot documentation .
Tell SELinux to allow nginx to create an outgoing connection to port 8000:
Point your browser to http://localhost:80/ in order to cause a "502 Bad Gateway" error (it is important to cause this error!). Please check your firewall configuration if you don't get a "502" error.
Then execute the following commands:
cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx semodule -i mynginx.pp
Now point your browser again to http://localhost/ and you should see ]po[ in action.
You can automate a daily ]po[ backup using our export-dbs script. Please copy the script (please follow the link for source code) into the file /root/bin/export-dbs. Mark the script as executable, create default backup directories and execute the script:
mkdir /var/backup # create a global backup directory chown projop:postgres /var/backup # allow projop & PostgreSQL to write backups chmod g+w /var/backup
mkdir /var/log/postgres # create directory for DB related logs chown postgres:postgres /var/log/postgres # allow projop & PostgreSQL to write chmod g+w /var/log/postgres chmod ug+x /root/bin/export-dbs # mark backup script as executable perl /root/bin/export-dbs # execute backup script manually for testing
Automate the backup by adding the following lines to your crontab:
29 3 * * * /usr/bin/perl /root/bin/export-dbs > /var/log/postgres/export-dbs.log 2>&1 24 3 * * * /usr/bin/find /var/backup -name '*.tgz' -mtime +6 | xargs rm -f 25 3 * * * /usr/bin/find /var/backup -name '*.bz2' -mtime +6 | xargs rm -f
n action.
ToDo: Copy crontab from reference servers
GraphViz creates GIF and PNG images from textual descriptions. ]po[ uses GraphViz to visualize the state of workflows and similar purposes.
To fix/enable GraphViz, please create a symbolic link for the "dot" tool:
cd /usr/local/bin/ ln -s /usr/bin/dot
If you should get an error saying "gif is not supported" or similar, then you will have to install the GD extension of GraphViz:
cd /usr/src/ wget http://mirror.centos.org/centos/8/PowerTools/x86_64/os/Packages/graphviz-gd-2.40.1-40.el8.x86_64.rpm rpm -i graphviz-gd-2.40.1-40.el8.x86_64.rpm
We have made a copy of this RPM in case it should disappear.
]po[ by default uses Postfix to send out notification emails. To install please use:
yum -y install postfix postfix-perl-scripts mailx
You can test your email configuration by sending out a test email to yourself:
echo "test email body" | mail -s "Test Email Subject" <you@your_domain.com>
Then have a look at the last lines of /var/log/maillog
tail -n 20 /var/log/maillog
You may have to configure a Postfix "relayhost" pointing to your corporate SMTP server or similar.
For a development server you may want to configure a local delivery of all email to the local root account for debugging purposes.
In this case please edit your /etc/postfix/main.cf and add the following three lines:
luser_relay = root@localhost local_recipient_maps = mydestination = pcre:/etc/postfix/mydestinations
Then create the file /etc/postfix/mydestinations and add a single line:
/.*/ ACCEPT
Then restart Postfix using systemctl restart postifx .
(The solution was taken from this discussion thread .)
]po[ includes a long list of integration links with external systems including Microsoft Active Directory, SAP FI, SAP PS, Microsoft Navision NAV, SQL-Ledger, SugarCRM, vTiger, Atlassian Jira, TaskJuggler, OCS Inventory NG, CVS, SVN Subversion, Git, Email, and others. Most of these integration links use Perl and Perl libraries as interfaces. Therefore you will need to have working versions of a number of Perl modules installed on your system.
There are two steps necessary in order to install these Perl libraries:
Most Perl libraries are available from the standard CentOS and "EPEL" repositories as RPMs and installable via YUM. First you need to add the EPEL repositories, if you didn't do this already:
yum -y install epel-release
After that, you can install additional Perl packages:
yum -y install perl-MIME-tools yum -y install perl-Path-Class yum -y install perl-IO-Socket-INET6
Finally, you will have to manually compile and deploy some Perl libraries that are not available as part of CentOS for whatever reasons.
So we will have to pursue a somehow dirty method here and install the additional Perl packages in system folders that are managed by YUM. In order to do so, we will need to configure CPAN to use the system folders.
1. Cleanup any files from previous installations
2. Start CPAN as user "root":
cpan
CPAN should write out a page or two of text, select the closest mirror for you and then enter interactive with command prompt waiting for commands. Please enter:
cpan[1]> install IO::Socket::PortState # follow defaults by pressing <Enter> if needed cpan[3]> quit
Please observe upper/lower case in the commands above.
Now copy PortState.pm to the Perl5 library:
cp /root/.local/share/.cpan/build/IO-Socket-PortState-0.03-0/PortState.pm /usr/share/perl5/vendor_perl/IO/Socket/
This action actually breaks the YUM package system because PortState.pm will remain unmaintained in a YUM controlled directory. However, there have been no practical solution yet coming from discussions with the RHEL/CentOS maintainers for this library which is not available as a RPM.
pgAdmin is an administration and management tool for PostgreSQL.
The following commands will install the software:
cd /usr/src/ wget https://ftp.postgresql.org/pub/pgadmin/pgadmin4/yum/pgadmin4-redhat-repo-1-1.noarch.rpm rpm -i pgadmin4-redhat-repo-1-1.noarch.rpm yum install pgadmin4-desktop
For setting up the connection please use:
The following steps cleanup data after a successfull installation. These steps are not necessary for production operation.
cd /web/projop/log rm *
cd /web/projop/Desktop rm -r *
yum clean all
cd /tmp <delete unnecessary files>
cd /var/tmp rm -r abrt rm -r kdecache-projop
cd /var/spool du -sk * <delete unnecessary files>
cd /var/log rm * du -sk * <delete unnecessary files> systemctl restart rsyslog.service
rm /root/.bash_history rm /web/projop/.bash_history rm /web/projop/.psql_history
dd bs=1M count=1000000 if=/dev/zero of=/zero rm /zero
Please see available updates. Please read the forum and other sources in order to see if it is necessary to upgrade. Please see the V5.0 release notes for information on known issues.
Please see http://www.project-open.com/en/list-integration-links for a list of supported integration links with other software packages.
The following steps are for preparing the virtual machine installer. We'll create a ZIP of the virtual machine (for both Linux and Windows users) and upload the release to SourceForge FRS:
# yum clean all # rm /var/tmp/* # rm /web/projop/filestorage/backup/* # rm /tmp/* # rm /var/backup/* # rm /web/projop/logs/* # rm /web/projop/filestorage/backup/* # xfs_sfr (defrag xfs file system) # dd if=/dev/zero of=wipefile bs=1M; sync; rm wipefile # vmware-toolbox-cmd disk shrinkonly
Please check that the keyboard is switched to English.
cd ~/VMware zip -r -9 project-open-VMware-Community-5.1.X.Y.Z.zip README.txt LICENSE.txt project-open-v51 scp -i ~/.ssh/fraber@shell.sf.net project-open-VMware-Community-5.1.X.Y.Z.zip fraber,project-open@frs.sourceforge.net:/home/frs/project/project-open/project-open/V5.1/
Did you encounter any issues? Did you successfully install ]project-open[?
Please let us know for what purpose you want to use ]project-open[, and we provide you with half a day of free training or consulting if we publish a Success Story together.
If you found an issue please:
Calle Aprestadora 19, 12o-2a
08902 Hospitalet de Llobregat (Barcelona)
Spain
Tel Europe: +34 609 953 751
Tel US: +1 415 200 2465
Mail: info@project-open.com