Semi-automated installation

Check the install-ng script:

cd fusionforge-5.3.2/
./install-ng

Note: the next FusionForge version will come with an improved install system.

Step by step RPM-based installation process for offline CentOS 6/RHEL 6

This section was written as a summary of one installation process where the server was behind a strict corporate firewall that didn't have access to the net, but could only use official packages from Red Hat EL 6. Therefore, it will be longer than most installations would be, and involve manual downloading of some packages.

Build local packages

• In a checkout of the code (on the Branch_5_3 branch, or from a released tarball), run
  • make -f Makefile.rh fusionforge
  • make -C 3rd-party -f Makefile.rh

Obtain external packages

You'll need some external packages not found in the RHEL 6 repositories (use rpmfind.net to download them):

• cronolog-1.6.2-10.el6.x86_64.rpm
• libnss-pgsql-1.5.0-0.9.beta.fc20.src.rpm
• perl-Sort-Versions-1.5-1.2.el6.rf.noarch.rpm
• php-process-5.3.3-26.el6.x86_64.rpm
• cvsgraph-1.6.1-8.el6.x86_64.rpm
• mediawiki119-1.19.18-1.el6.noarch.rpm
• perl-Text-Autoformat-1.666.0-1.el6.rfx.noarch.rpm
• viewvc-1.1.22-1.el6.noarch.rpm
• git-1.7.3.4-1.el6.rfx.x86_64.rpm
• perl-Git-1.7.3.4-1.el6.rfx.x86_64.rpm
• perl-Text-Reform-1.20-1.el6.rfx.noarch.rpm
• gitweb-1.7.3.4-1.el6.rfx.x86_64.rpm
• perl-Mail-Sendmail-0.79-12.el6.noarch.rpm
• php-mbstring-5.3.3-26.el6.x86_64.rpm

Set up a local repository

• Create a /root/packages/ directory, with noarch, src and x86_64 subdirs.
• Move the *.rpm files generated and downloaded during the previous steps into the appropriate subdir: *.noarch.rpm goes into noarch, and so on.
• Set up the appropriate metadata in the repository:
  • createrepo /root/packages/noarch
  • createrepo /root/packages/src
  • createrepo /root/packages/x86_64
• Reference the local repository: create a /etc/yum.repos.d/local.repo file with the following content:

 [local]
 name=FusionForge-related packages for $basearch
 baseurl=file:///root/packages/$basearch
 enabled=1
 gpgcheck=0
 protect=1
 [localnoarch]
 name=FusionForge-related packages for noarch
 baseurl=file:///root/packages/noarch
 enabled=1
 gpgcheck=0
 protect=1

Install the packages

• Install the external packages first:

 yum install php-pgsql-5.3.3-26.el6 php-common-5.3.3-26.el6 php-gd-5.3.3-26.el6 php-mbstring-5.3.3-26.el6 php-5.3.3-26.el6 php-mysql-5.3.3-26.el6php-xml-5.3.3-26.el6 php-ldap-5.3.3-26.el6 cronolog cvsgraph git-1.7.3.4-1 gitweb-1.7.3.4-1 mediawiki119-1.19.18-1 perl-Git-1.7.3.4-1 perl-Mail-Sendmail perl-Sort-Versions perl-Text-Autoformat perl-Text-Reform php-mbstring-5.3.3-26 php-process-5.3.3-26 viewvc nscd ImageMagick

• Then install the FusionForge packages (be sure to replace the admin password):

 export FFORGE_DB=gforge
 export FFORGE_USER=gforge
 export FFORGE_ADMIN_USER=admin
 export FFORGE_ADMIN_PASSWORD=adminpassword
 yum install -y --skip-broken fusionforge fusionforge-plugin-scmsvn fusionforge-plugin-online_help fusionforge-plugin-authldap fusionforge-plugin-scmgit fusionforge-plugin-blocks fusionforge-plugin-mediawiki

Some configuration

• Create a /etc/gforge/config.ini.d/zzz-local.ini file, with the following content:

 [core]
 ; use_ssl=no
 ; use_shell=yes
 default_language=French
 default_timezone=Europe/Paris
 default_country_code=FR
 forge_name="Your name here"
 use_manual_uploads=no
 [mediawiki]
 src_path=/usr/share/mediawiki119
 allow_uploads=yes
 [scmgit]
 use_ssh=yes
 use_dav=no
 [scmsvn]
 use_ssh=yes
 use_dav=no

See Configuration for details on those variables.

• Some PHP parameters need to be adapted in /etc/php.ini, in particular to allow handling reasonably large files. Note that all three of the following parameters have an impact on the maximal size of uploaded files:

 upload_max_filesize = 50M
 memory_limit = 128M
 post_max_size = 128M

• Generate and install SSL certificates and keys; the location of the related files is referenced in /etc/gforge/httpd.conf.d/ssl-on.inc.
• Disable the default HTTPS virtualhost (to leave only the FusionForge one): in /etc/httpd/conf.d/ssl.conf, uncomment the ServerName line and ensure it points at a different hostname (www.example.com:443 is fine). Restart Apache afterwards (service httpd restart).
• Some symbolic links need to be adapted for gitweb; depending on the version, the packages don't always ship the files in the same location. The following works for version 1.7.3.4-1 of the Git (and related) packages:

 cd /usr/share/gforge/src/plugins/scmgit
 rm gitweb.cgi gitweb.css gitweb.js git-logo.png git-favicon.png
 ln -s /usr/share/gitweb/gitweb.cgi .
 ln -s /usr/share/gitweb/static/* .

• For Mediawiki, you need to configure a list of allowed file extensions for file uploads. This happens in /etc/gforge/plugins/mediawiki/LocalSettings.php:

 $wgFileExtensions = array(’png’, ’gif’, ’jpg’, ’jpeg’,
   ’jp2’, ’webp’, ’ppt’, ’pdf’, ’psd’, ’mp3’, ’xls’,
   ’xlsx’, ’swf’, ’doc’,’docx’, ’odt’, ’odc’, ’odp’,
   ’odg’, ’mpp’);

• Optionnally, configure some initial content for the Mediawikis: on an existing Mediawiki instance, write a few pages, then export them using the Special:Export page. You'll get an XML file; save it as /etc/gforge/plugins/mediawiki/initial-content.xml.

Shell accounts

In order to ensure privilege separation on the server, the Subversion and Git repositories need to be accessed through SSH, with one Unix user corresponding to each FusionForge user. This involves tying the Unix authentication into the FusionForge database, with the libnss-pgsql module. This module must first be installed, then configured.

• Build and install libnss-pgsql:

 yum install -y gcc postgresql-devel xmlto rpm-build
 rpmbuild --rebuild /root/packages/src/libnss-pgsql-*.src.rpm
 yum localinstall -y /root/rpmbuild/RPMS/x86_64/libnss-pgsql-*.x86_64.rpm

• Create a /etc/nss-pgsql.conf file with the following contents:

 #----------------- DB connection
 connectionstring  =  user=gforge dbname=gforge
 #----------------- NSS queries
 getpwnam        = SELECT login AS username,passwd,gecos,('/var/lib/gforge/chroot/home/users/' || login) AS homedir,shell,uid,gid FROM nss_passwd WHERE login = $1
 getpwuid        = SELECT login AS username,passwd,gecos,('/var/lib/gforge/chroot/home/users/' || login) AS  homedir,shell,uid,gid FROM nss_passwd WHERE uid = $1
 #allusers        = SELECT login AS username,passwd,gecos,('/var/lib/gforge/chroot/home/users/' || login) AS homedir,shell,uid,gid FROM nss_passwd
 getgroupmembersbygid = SELECT login AS username FROM nss_passwd WHERE gid = $1
 getgrnam = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid =  nss_groups.gid) AS members FROM nss_groups WHERE name = $1
 getgrgid = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid = nss_groups.gid) AS members FROM nss_groups WHERE gid = $1
 #allgroups = SELECT name AS groupname,'x',gid,ARRAY(SELECT user_name FROM nss_usergroups WHERE nss_usergroups.gid  = nss_groups.gid) AS members FROM nss_groups
 groups_dyn = SELECT ug.gid FROM nss_usergroups ug, nss_passwd p WHERE ug.uid = p.uid AND p.login = $1 AND ug.gid <> $2

• Create a /etc/nss-pgsql-root.conf file with the following contents:

 #----------------- DB connection
 shadowconnectionstring =  user= dbname=gforge
 #----------------- NSS queries
 shadowbyname    = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn,  AS shadow_inact,  AS shadow_expire,  AS shadow_flag FROM nss_passwd  WHERE login = $1
 shadow          = SELECT login AS shadow_name, passwd AS shadow_passwd, 14087 AS shadow_lstchg, 0 AS shadow_min, 99999 AS shadow_max, 7 AS shadow_warn,  AS shadow_inact,  AS shadow_expire,  AS shadow_flag FROM nss_passwd

• Enable usage of libnss-pgsql: in /etc/nsswitch.conf, add "pgsql" on the passwd, shadow and group lines:

 sed -i -e 's/^passwd:.*/passwd: files pgsql/' /etc/nsswitch.conf
 sed -i -e 's/^shadow:.*/shadow: files pgsql/' /etc/nsswitch.conf
 sed -i -e 's/^group:.*/group:  files pgsql/' /etc/nsswitch.conf

• Enable nscd:

 chkconfig nscd on

• If nscd can't use the socket that would allow it to connect to the PostgreSQL database, disable SELinux:

 sed -i -e s/SELINUX=enforcing/SELINUX=permissive/ /etc/selinux/config

(Note that you'll need to reboot after that change.)