![]() |
This page explains how to install ]project-open[ V5.0 on RHEL/CentOS 7 64bit. Please see the discussion thread https://sourceforge.net/p/project-open/discussion/295937/thread/cfa36e81/ on SourceForge.
Last updated: 2020-04-22
Installing ]po[ requires not only Linux expertise but also some time. As a shortcut, you can use our CentOS 7 virtual machine on http://sourceforge.net/projects/project-open/files/project-open/V5.0/ . This virtual machine has been built following the instructions below and has been exhaustively tested.
There is an experimental(!) installer available for Docker that can be downloaded from our SourceForge repository .
Please help us to improve below instructions. To report any bugs please use the SF Community forum . To get professional support please contact us .
Please download CentOS 7 "Minimal Installation" and install with the option "Minimal Install".
After a reboot, login as root an:
To verify network connectivity try to ping some external server, for example:
ping www.google.com
GNOME 3 on CentOS 7 has a number of important issues, so the ]po[ team recommends to switch to KDE:
yum -y group install "KDE Plasma Workspaces" "X Window System" yum -y group install "Graphical Administration Tools" --setopt=group_package_types=mandatory,default,optional yum -y install net-tools setools policycoreutils-python ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target
]po[ will need a number of tools for creating systems integration interfaces.
yum -y group install "Development Tools" --setopt=group_package_types=mandatory,default,optional yum -y group install "Compatibility Libraries" yum -y install vim emacs-nox yum -y install cvs svn git wget libXaw expat expat-devel pango graphviz graphviz-devel ImageMagick yum -y install libdbi-dbd-pgsql openldap-clients openldap-devel mlocate sharutils psmisc
]po[ uses Perl for integration with several external applications:
yum -y install graphviz-perl perl perl-Archive-Tar perl-Archive-Zip perl-CGI perl-CGI-Session yum -y install perl-CPAN perl-CPAN-Changes perl-CPAN-Meta perl-CPAN-Meta-Requirements perl-CPAN-Meta-YAML yum -y install perl-Carp perl-Compress-Raw-Bzip2 perl-Crypt-DES perl-Crypt-OpenSSL-RSA yum -y install perl-Crypt-OpenSSL-Random perl-Crypt-PasswdMD5 perl-Crypt-SSLeay perl-DBD-Pg yum -y install perl-DBD-Pg-tests perl-DBI perl-Data-Dumper perl-DateTime perl-Digest-MD5 yum -y install perl-Encode perl-File-Slurp perl-GSSAPI perl-IO-Socket-IP perl-IO-Socket-SSL yum -y install perl-JSON perl-LDAP perl-LWP-MediaTypes perl-LWP-Protocol-https perl-Net-DNS yum -y install perl-Net-HTTP perl-Net-SSLeay perl-Params-Check perl-Params-Util perl-Params-Validate yum -y install perl-Socket perl-TimeDate perl-WWW-Curl perl-YAML perl-core perl-devel perl-gettext yum -y install perl-libs perl-libwww-perl rrdtool-perl perl-YAML
yum -y install libreoffice libreoffice-headless
Include the user "projop" in group "wheel" in order to allow projop to become root via "sudo su -": Edit /etc/group and add the user "projop" in the line with group "wheel":
wheel:x:10:projop
Edit /etc/profile to add a few personal shortcuts:
alias "l=ls -als" export EDITOR=emacs
Edit /web/projop/.bash_profile and add the following lines:
export CVSROOT=":pserver:anonymous@cvs.project-open.net:/home/cvsroot" export CVSREAD="yes" export CVS_RSH="ssh" export EDITOR=emacs alias "l=ls -als" alias "u=cvs update -PdA > update.stdout 2> update.stderr" export EDITOR=emacs
Include the hostname (project-open-v50 by default) in /etc/hosts as localhost or with it's fixed IP (if it has a fixed IP...):
127.0.0.1 localhost project-open-v50
Please download the following files into your /usr/src/ directory:
Please go through the following steps to create a ]po[ user "projop" and to extract the installer into this user's home directory:
groupadd projop # create a group called "projop" mkdir /web/ # super-directory for all Web servers /web/ by default useradd -d /web/projop -g projop projop # create user "projop" with home directory /web/projop cd /web/projop/ tar xzf /usr/src/web_projop-aux-files.5.0.0.0.0.tgz # extract auxillary files tar xzf /usr/src/project-open-Update-5.0.3.0.0.tgz # extract the ]po[ product source code - latest chown -R projop:projop /web/projop # set ownership to all files cd /usr/local tar xzf /usr/src/naviserver-4.99.8.tgz # extract the NaviServer binary 64 bit
PostgreSQL 9.2 is part of CentOS 7. Please use exactly this version.
Please install the database using:
yum -y install postgresql postgresql-server postgresql-contrib postgresql-devel postgresql-odbc postgresql-docs
Configure PostgreSQL startup:
systemctl enable postgresqlInitialize and start the database:
/usr/bin/postgresql-setup initdb systemctl start postgresql
Create a new database user "projop" and the corresponding database:
su - postgres -c "createuser -s projop" # database user "projop" with admin rights su - projop -c "createdb --encoding=utf8 --owner=projop projop" # new database su - projop -c "createlang plpgsql projop" # enable PlPg/SQL, may already be installed
You can verify your PostgreSQL installation by typing ("\q" or Ctrl-D for exit):
su - projop -c psql
Enter "\q" or press Ctrl-D to exit.
Now import the database dump:
su - projop psql -f ~/pg_dump.5.0.3.0.0.sql > import.log 2>&1
The import can take up to a minute, depending on your system. Please ignore the ~3.500 error messaging showing up at the beginning (that's because the dump contains instructions to drop any stuff that's left in the DB...). In order to verify the import please execute:
su - projop psql -c "select count(*) from users"
.. which should return 198 or a similar number (the number of demo users in the demo company provided as part of the installer).
Please edit the "postgresql.conf" configuration file in /var/lib/pgsql/data/:
Please edit the "pg_hba.conf" configuration file in /var/lib/pgsql/data/:
At the end of the file there should be three uncommented lines:
local all all peer host all all 127.0.0.1/32 trust host all all ::1/128 identThis configuration allows locally running applications (specifically pgAdmin3) to connect to the database without providing a password.
Please modify /web/projop/etc/config.tcl for the following parameters:
set servername "<your_company> \]project-open\[ Server" set homedir /usr/local/ns
You can also modify the http port if you know what you are doing. Please note that the port number has to be above 1024 for permission reasons.
The firewall is enabled by default in CentOS 7, so we will have to punch holes for the ]project-open[ ports 80, 443 and 8000 graphically using system-config-firewall-tui or manually:
firewall-cmd --add-port=80/tcp --permanent firewall-cmd --add-port=443/tcp --permanent firewall-cmd --add-port=8000/tcp --permanent firewall-cmd --reload
Port 8000 is the direct access to the NaviServer. This port is normally not exposed directly to the user, but only via a reverse proxy. So opening this port is optional, but may be interesting if you are running a reverse proxy (NGINX, Pound) on a different system (Web application firewall, ...) that exposes the service to the end user.
/usr/local/ns/bin/nsd -f -t /web/projop/etc/config.tcl -u projop -g projop
]po[ should take a few seconds before the line appears "[...] Notice: nssock: listening on 0.0.0.0:8000".
As a result, you should be able to see 8000 in the list of ports accepting connections:
netstat -nlp | grep 8000
Please point your favorite Web browser to http://localhost:8000/ and login as "sysadmin@tigerpond.com" / "system". You should see a login page (default admin: "sysadmin@tigerpond.com" / "system") or a configuration wizard. Please do not continue here at the moment, because we still need to fix several issues before ]po[ will run as desired.
You can stop the ]po[ server in the terminal window using Ctrl-C.Congratulations, great job!
We now have to automate the startup of NaviServer (the application server of ]project-open[) for production use:
Create a new file /usr/lib/systemd/system/projop.service with the following content:
[Unit] Description=NaviServer Web Server as user projop After=postgresql.service network.target Wants=postgresql.service [Service] Type=forking PIDFile=/web/projop/log/nsd.pid ExecStartPre=/usr/bin/rm -f /web/projop/log/nsd.pid ExecStart=/usr/local/ns/bin/nsd -t /web/projop/etc/config.tcl -u projop -g projop & ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s 9 $MAINPID Restart=always # Restart=on-abort # Restart=on-abnormal KillMode=process [Install] WantedBy=multi-user.target
Please execute the following commands in order to activate the configuration:
systemctl daemon-reload systemctl enable projop.service systemctl start projop.serviceYou can check that NaviServer is running by monitoring it's error file (debugging is switched on by default):
tail -f /web/projop/log/error.log
]project-open[ by default listens on port 8000 and for permission reasons can not listen on port 80. As a workaround you can install a “reverse proxy†server on port 80 that redirects HTTP requests to port 8000.
You can configure Apache for such a purpose, Apsis Pound or or the small Web server ngnix. Ngnix is part of the Red Hat/CentOS 7 distribution system and more convenient than apache2, so this is why we use it by default now. Ngnix is also convenient if you want to run more then one ]po[ or non-]po[ server on your machine, because it allows you to distribute HTTP requests to different back-ends, depending on the HTTP headers etc.
In order to install nginx we need to enable the "epel" repositories with experimental software for CentOS:
yum -y install epel-release yum -y install nginxAssuming that there is no other process listening on port 80 (netstat -nlp | grep 80), please edit /etc/nginx/nginx.conf to look like this (modifying the "server {...}" section):
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 601; types_hash_max_size 2048; default_type application/octet-stream; include /etc/nginx/mime.types; include /etc/nginx/conf.d/*.conf; server { listen 80; location / { # pass all communication to NaviServer on port 8000 proxy_pass http://127.0.0.1:8000; # add information about the original IP proxy_set_header X-Forwarded-For $remote_addr; # upload files to file storage up to 1G client_max_body_size 1024M; } # error_page 500 502 503 504 /err/50x.html; # error_page 404 /err/404.html; # location /err/ { # root /usr/share/nginx/html; # } } }
Then please perform:
systemctl enable nginx systemctl restart nginx netstat -nlp | grep 80
You should now see nginx listening on port 80.
As a next step you need to tell SELinx to allow nginx to create an outgoing connection to port 8000:
Point your browser to http://localhost:80/ in order to cause a "502 Bad Gateway" error (it is important to cause this error!). Please check your firewall configuration if you don't get a "502" error.
Then execute the following commands:
cat /var/log/audit/audit.log | grep nginx | grep denied | audit2allow -M mynginx semodule -i mynginx.pp
Now point your browser again to http://localhost/ and you should see ]po[ in action.
Configuring TLS requires to steps:
In this tutorial, we are going to work with a self-signed certificate for 2. For a production installation please use Let's Encrypt or a similar service.
Here is an alternative nginx.conf configuration with HTTPS support, redirecting from HTTP (port 80) to HTTPS (port 443):
user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 601; types_hash_max_size 2048; default_type application/octet-stream; include /etc/nginx/mime.types; include /etc/nginx/conf.d/*.conf; server { listen 80; return 301 https://$host$request_uri; } server { listen 443 ssl default_server; ssl_certificate /etc/nginx/certificate.crt; ssl_certificate_key /etc/nginx/certificate.key; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_protocols TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; location / { proxy_pass http://127.0.0.1:8000; proxy_set_header X-Forwarded-For $remote_addr; client_max_body_size 1024M; } # error_page 500 502 503 504 /err/50x.html; # error_page 404 /err/404.html; # location /err/ { # root /etc/nginx/err; # } } }
Please execute the following commands as user root:
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/nginx/certificate.key -out /etc/nginx/certificate.crt
Now OpenSSL will ask you about the data of the certificate. Here we will use the following example for a certificate supposed to be for ]project-open[ Business Solutions, S.L.:
Then restart nginx:
systemctl restart nginx
You can automate a daily ]po[ backup using our default export-dbs script. Please copy the script (please follow the link for source code) into the file /root/bin/export-dbs. Mark the script as executable, create default backup directories and execute the script:
mkdir /var/backup # create a global backup directory chown projop:postgres /var/backup # allow projop & PostgreSQL to write backups chmod g+w /var/backupAutomate the backup by adding the following lines to your crontab:mkdir /var/log/backup # create directory for DB related logs chown postgres:postgres /var/log/backup # allow projop & PostgreSQL to write chmod g+w /var/log/backupchmod ug+x /root/bin/export-dbs # mark backup script as executable perl /root/bin/export-dbs # execute backup script
29 3 * * * /usr/bin/perl /root/bin/export-dbs > /var/log/postgres/export-dbs.log 2>&1 24 3 * * * /usr/bin/find /var/backup -name '*.tgz' -mtime +6 | xargs rm 25 3 * * * /usr/bin/find /var/backup -name '*.bz2' -mtime +6 | xargs rm
GraphViz creates GIF and PNG images from textual descriptions. ]po[ uses GraphViz to visualize the state of workflows and similar purposes.
To fix/enable GraphViz, please create a symbolic link for the "dot" tool:
cd /usr/local/bin/ ln -s /usr/bin/dot
]po[ by default uses Postfix to send out notification emails. To install please use:
yum -y install postfix postfix-perl-scripts mailx
You can test your email configuration by sending out a test email to yourself:
echo "test email body" | mail -s "Test Email Subject" <you@your_domain.com>
Then have a look at the last lines of /var/log/maillog
tail -n 20 /var/log/maillog
You may have to configure a Postfix "relayhost" pointing to your corporate SMTP server or simiar. Please check configure-external-smtp-server for more details.
For a development server you may want to configure a local delivery of all email to the local root account for debugging purposes.
In this case please edit your /etc/postfix/main.cf and add the following three lines:
luser_relay = root@localhost local_recipient_maps = mydestination = pcre:/etc/postfix/mydestinations
Then create the file /etc/postfix/mydestinations and add a single line:
/.*/ ACCEPTThen restart Postfix using systemctl restart postifx .
(The solution was taken from this discussion thread .)
]po[ includes a long list of integration links with external systems including Microsoft Active Directory, SAP FI, SAP PS, Microsoft Navision NAV, SQL-Ledger, SugarCRM, vTiger, Atlassian Jira, TaskJuggler, OCS Inventory NG, CVS, SVN Subversion, Git, Email, and others. Most of these integration links use Perl and Perl libraries as interfaces. Therefore you will need to have working versions of a number of Perl modules installed on your system.
There are two steps necessary in order to install these Perl libraries:
Most Perl libraries are available from the standard CentOS and "EPEL" repositories as RPMs and installable via YUM. First you need to add the EPEL repositories, if you didn't do this already:
yum -y install epel-release
After that, you can install additional Perl packages:
yum -y install perl-MIME-tools yum -y install perl-Path-Class yum -y install perl-IO-Socket-INET6
Finally, you will have to manually compile and deploy some Perl libraries that are not available as part of CentOS for whatever reasons.
So we will have to pursue a somehow dirty method here and install the additional Perl packages in system folders that are managed by YUM. In order to do so, we will need to configure CPAN to use the system folders.
1. Cleanup any files from previous installations
2. Start CPAN as user "root":
cpan
CPAN should write out a page or two of text, select the closest mirror for you and then enter interactive with command prompt waiting for commands. Please enter:
cpan[1]> install IO::Socket::PortState # follow defaults by pressing <Enter> if needed cpan[3]> quit
Please observe upper/lower case in the commands above.
Now copy PortState.pm to the Perl5 library:
cp /usr/local/share/perl5/IO/Socket/PortState.pm /usr/share/perl5/vendor_perl/IO/Socket/
This action actually breaks the YUM package system because PortState.pm will remain unmaintained in a YUM controlled directory. However, there have been no practical solution yet coming from discussions with the RHEL/CentOS maintainers for this library which is not available as a RPM.
The following steps cleanup data after a successfull installation. These steps are not necessary for production operation.
Cleanup ]po[ log files:
cd /web/projop/log rm *
Cleanup Projop "Desktop" files:
cd /web/projop/Desktop rm -r *
Cleanup YUM files:
yum clean all
Cleanup /tmp:
cd /tmp <delete unnecessary files>
Cleanup /var/tmp:
cd /var/tmp rm -r abrt rm -r kdecache-projop
Cleanup /var/spool:
cd /var/spool du -sk * <delete unnecessary files>
Cleanup /var/log:
cd /var/log rm * du -sk * <delete unnecessary files> systemctl restart rsyslog.service
Cleanup history files:
rm /root/.bash_history rm /web/projop/.bash_history rm /web/projop/.psql_history
Erase the disk with zeros for better compression of the VM. Please note that the first "dd" command will fail with an "No space left on device" error. Please make sure the PostgreSQL database is not active:
dd bs=1M count=1000000 if=/dev/zero of=/zero rm /zero
Run SysConfig -> "Disable everything except SysConfig" in order to prepare the machine for delivery.
Please see http://www.project-open.com/en/list-integration-links for a list of supported integration links with other software packages.
Did you encounter any issues? Did you successfully install ]project-open[?
Please let us know for what purpose you want to use ]project-open[, and we provide you with half a day of free training or consulting if we publish a Success Story together.
If you found an issue please:
Calle Aprestadora 19, 12o-2a
08902 Hospitalet de Llobregat (Barcelona)
Spain
Tel Europe: +34 609 953 751
Tel US: +1 415 200 2465
Mail: info@project-open.com