
Installing Gitorious on CentOS 5.6 x64

There are many reasons why you might be reading this post, but likely, you’re trying to figure out how to install this complex heap of code (that has its root node removed, no doubt, ha ha).  If you didn’t get my last joke, I feel sorry for you, but the show must go on.

Gitorious is an open source repository management system similar to Trac on SVN.  The software looks really nice (gitorious.org), and it has a lot of built-in features for managing git repositories.  For those of you who are not familiar with coding, code repositories are often set up to enable many coders to work on the same project simultaneously (different portions of course).  Repositories also enable versioning so that you can easily revert to an older copy of your code base if something breaks along the way.  Repositories are often centralized so that only a single location has to be backed up; in this case, Gitorious centralizes git repositories.

Truthfully, there are three memorable software programs that have been notoriously difficult to install and configure in my experience.  These are as follows:

  • Shibboleth – I never did successfully install this myself, because I was asked to help a friend install it over the phone.  I don’t work well when I can’t see the problem and play with stuff; I test hunches, and doing it with this method would have taken way too long.  From what I’ve seen of Shibboleth, I would rate this as the worst of the worst programs to install.
  • Gitorious – This is probably the second worst application I’ve ever installed.  It required a lot of research and resources since it is poorly documented and requires a lot of Ruby Gems to operate successfully.  Of course, I will hopefully document it a little more today!
  • Exchange – I wish I would have documented the install of my Exchange server internally so I could have shared it here.  Exchange isn’t awful to install, but the configuration of Exchange is very tricky and there are many gotchas.  This is why I place it as the best of the worst software programs to install.

With all of the above said, the installation of Gitorious isn’t for the casual system administrator.  This took me approximately 3 days of research to successfully install and understand.  I installed it on a separate system only because I didn’t want it hurting any of my existing production systems.  In the end, I’m glad I did this because I learned that Ruby isn’t very memory efficient and this application easily eats up most of the 1GB of RAM allocated to it in a VPS (Virtual Private Server).  And with this said, I invite you to continue reading if you really want to know how to install this software.

Update 6/14: After a few requests, I’ve decided that I will provide a Gitorious installation service on your CentOS server.  I will be happy to install Gitorious and make it work (as described below) for a one time paypal payment of $100.  For details, contact me directly (see my contact page).

LAST UPDATE: 6/8/2011 – Suggestions from Gitorious Discussion Group

Before I begin, I’d like to note that although I used OpenVZ for my deployment of Gitorious, it should work on Xen and other platforms  (even dedicated servers).  I say should because I originally deployed this on Amazon Web Services, and the installation process had a few changes here and there (due to errors with package dependencies, etc) when I finally moved it over to OpenVZ.  The procedure below was used for an OpenVZ machine as detailed below.  Finally, my last note is that you can expect this installation process to take roughly an hour or two to complete as a lower bound (provided everything goes well).

I decided to use a VPS from chicagovps to host this software program because of a good past experience with them.  Although I normally bash OpenVZ virtualization (with really good reasons because Xen is better), I chose to use OpenVZ since it is typically faster and I wanted performance.  OpenVZ doesn’t have swap space, and its memory management isn’t that great, so in the end, applications can use almost 3x the amount of memory on OpenVZ VPS containers compared to running on equivalent Xen containers.  I can easily see Xen requiring less than 384MB of dedicated Ram for Gitorious.  On OpenVZ, I strongly suggest not getting less than 1GB of dedicated memory.  With ChicagoVPS, I got the professional package, and my memory usage hovers around 800MB for this install.  For the Operating System, I chose the CentOS 5.5 x64 template and using yum update, the operating system became CentOS 5.6.  Everything below is performed as root unless otherwise noted.

The first thing that I did was set my DNS to have 2 A-records pointing to the hostname of my server (string.matthouse.us), and another that points to the future Gitorious website URL (git.matthouse.us).  After that was done, I logged into the VPS and set up public keys for the root account to make logging into the machine easier in the future.  I’ve written two blogs about public key authentication, so I won’t detail this portion of the process (that’s optional anyways).  I’d also recommend setting up a secure root password (also mentioned sometime in the past).

Next, I’d recommend disabling SELinux if it is enabled; thankfully, on VPS nodes, it’s typically disabled out of the box.  If you’re on Xen, you might want to make and enable a swap file (which I detailed on my AWS install of Tomcat blog).  The next step is to execute the following commands, which remove common packages that you won’t need and turn off common services which you won’t use.  In this stack of commands, you will also need to edit the SSH configuration to disable DNS lookups, which in my experience speeds up the SSH login process by a lot!

yum remove -y samba-common bind-libs dnsmasq portmap postgresql-libs nscd
service atd stop
chkconfig atd off
service nfslock stop
chkconfig nfslock off
service rpcidmapd stop
chkconfig rpcidmapd off
service bluetooth stop
chkconfig bluetooth off
service anacron stop
chkconfig anacron off
service gpm stop
chkconfig gpm off
service hidd stop
chkconfig hidd off
service pcscd stop
chkconfig pcscd off
service portmap stop
chkconfig portmap off
service avahi-daemon stop
chkconfig avahi-daemon off
service sendmail start
chkconfig sendmail on
vim /etc/ssh/sshd_config
#uncomment UseDNS and change to no
UseDNS no

service sshd restart

Next, we need to enable the RPMForge repository.  I enable the EPEL and REMI repositories later on, but at this point, if those are enabled, you will hit a certain known bug with MySQL that has yet to be fixed by CentOS.


http://rpmrepo.org/RPMforge/Using

wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el5.rf.i386.rpm
rpm -ivh rpmforge-release-0.5.2-2.el5.rf.i386.rpm

Now let’s update the system and install some required packages.  This should take roughly 10 or 15 minutes.

yum update -y
yum groupinstall -y "Development tools" "Development Libraries"
yum install -y git-core git-svn java-1.6.0-openjdk vim-* apg pcre pcre-devel zlib zlib-devel libyaml-devel GeoIP-devel sphinx mysql-devel mysql-server mysql

 

At this point, I configure MySQL before adding other software that triggers bugs with its initial setup phase.

service mysqld start
/usr/bin/mysql_secure_installation

 

In the secure installation, I set the root password of MySQL to something tricky and I answer yes to all of the prompts.

The next step is to add some configuration to the my.cnf file to minimize the footprint of MySQL (which will still use a lot of memory on OpenVZ).

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
old_passwords=1
max_connections = 5
key_buffer = 1K
read_buffer_size = 1K
max_allowed_packet = 512K
thread_stack = 16K
table_cache = 32
sort_buffer = 16K
net_buffer_length = 1K
thread_stack = 4K
query_cache_type = 1
query_cache_limit = 1K
query_cache_size = 1K
innodb_buffer_pool_size = 1K
innodb_additional_mem_pool = 1K
# Disabling symbolic-links is recommended to prevent assorted security risks;
# to do so, uncomment this line:
# symbolic-links=0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid

 

At this point, let’s restart MySQL.

service mysqld restart

 

Now let’s install Ruby Enterprise Edition.  The enterprise version of Ruby is still free, but it uses older, more stable components of Ruby.  It’s also focused on memory conservation (although it still compares to Java’s memory appetite).  I would strongly recommend not using any other version/distribution of Ruby, since I found many compatibility errors that forced me to start all over again many times!  Remember that # starts a comment, so the command line will NOT process that line as a command.

#- get latest stable ruby enterprise (the rubylang 1.9 branch will not work properly)
#-http://www.rubyenterpriseedition.com/download.html
wget http://rubyenterpriseedition.googlecode.com/files/ruby-enterprise-1.8.7-2011.03.tar.gz
tar xzf ruby-enterprise-1.8.7-2011.03.tar.gz
cd ruby-enterprise-1.8.7-2011.03
./installer
#(accept the defaults, 2 prompts will come up)

 

Next, we need to configure ruby and path variables.  Follow the comments in my notes.

cd /opt
ln -s ruby-enterprise-1.8.7-2011.03 ruby
vim /etc/profile

#add the following to /etc/profile [ "$EUID" = "0" ]
pathmunge /opt/ruby/bin
export RAILS_ENV=production
export PATH=/usr/local/sphinx/bin:/usr/local/bin:$PATH
export _JAVA_OPTIONS=-Xmx64m
export MAGICK_HOME=/usr/local
export DYLD_LIBRARY_PATH=/usr/local/lib

 

Strangely enough, later on, another bug will surface where the profile isn’t read to set up these paths and options.  Therefore, I also added the following to my internal documentation install script.

vim /etc/bashrc
#add to the very bottom

pathmungea () {
                if ! echo $PATH | /bin/egrep -q "(^|:)$1($|:)" ; then
                        if [ "$2" = "after" ] ; then
                                PATH=$PATH:$1
                        else
                                PATH=$1:$PATH
                        fi
                fi
        }
pathmungea /opt/ruby/bin
export RAILS_ENV=production
export PATH=/usr/local/sphinx/bin:/usr/local/bin:$PATH
export _JAVA_OPTIONS=-Xmx64m
export MAGICK_HOME=/usr/local
export DYLD_LIBRARY_PATH=/usr/local/lib
unset pathmungea

 

At this point, restart the shell that you’re in to pick up the new path information.  You might want to reboot, but that isn’t necessary at this point.  After the restart, we need to install ImageMagick.

#Imagemagick on yum is outdated, so a bug will show up if we don’t do this for now.
cd ~
yum install -y tcl-devel libpng-devel libjpeg-devel ghostscript-devel bzip2-devel freetype-devel libtiff-devel
#wget url to ImageMagick download
wget ftp://ftp.imagemagick.org/pub/ImageMagick/ImageMagick-6.7.0-2.tar.gz
tar xzf ImageMagick-6.7.0-2.tar.gz
cd ImageMagick-6.7.0-2
./configure --prefix=/usr/local --with-bzlib=yes --with-fontconfig=yes --with-freetype=yes --with-gslib=yes --with-gvc=yes --with-jpeg=yes --with-jp2=yes --with-png=yes --with-tiff=yes
make
make install

 

Up next, we need to install some ruby gems.  This list isn’t comprehensive (there will be more to come later), but it will get us started.  I omitted mongrel as a webserver (which would come at this step according to other guides) because I intend on using Apache.  I also know that echoe, textpow, and oniguruma are either included or incompatible with this version of Ruby, so they were omitted.  I didn’t find any problems at the end without them, so I’m assuming they were extras.

UPDATE 6/8: You probably don’t need to do this since bundle exec (below) will cover this for you.  You will need to run “gem install bundle” instead at this step.

gem install sphinx rmagick ultrasphinx mime-types chronic ruby-hmac daemons mime-types BlueCloth ruby-yadis ruby-openid rspec rspec-rails RedCloth stompserver --no-ri --no-rdoc

 

Now let’s add the extra repositories and fix some CentOS bugs.  Don’t worry if the packages aren’t found.

#fix some centos bugs:
yum remove perl-Net-SSLeay perl-IO-Socket-SSL

#install some repositories
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
wget http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
rpm -Uvh remi-release-5*.rpm epel-release-5*.rpm

 

Finally, it’s time to move on to the installation of Gitorious.  The su command will drop you into a shell owned by git (cool huh?).

useradd -d /home/git git

su git
cd ~
mkdir log
mkdir conf
git clone git://gitorious.org/gitorious/mainline.git gitorious
cd gitorious/
mkdir -p tmp/pids
exit
#(exit here will return to root)

ln -s /home/git/gitorious/script/gitorious /usr/local/bin/gitorious
cd /home/git/gitorious/
chmod ug+x script/*
chmod -R g+w config/ log/ public/ tmp/

 

Next, we need to modify several files and begin preparing Gitorious to run.

Update 6/8/11: When getting to the gem install portions, you probably only need to run the bundle commands, skipping the gem commands altogether.

su git

#modify each vim'd file appropriately

vim /home/git/gitorious/doc/templates/centos/git-daemon
RUBY_HOME="/opt/ruby"
GITORIOUS_HOME="/home/git/gitorious"

vim /home/git/gitorious/doc/templates/centos/git-ultrasphinx
GITORIOUS_HOME="/home/git/gitorious"

vim /home/git/gitorious/doc/templates/centos/git-poller
RUBY_HOME="/opt/ruby"
GITORIOUS_HOME="/home/git/gitorious"
export _JAVA_OPTIONS=-Xmx64m

vim /home/git/gitorious/doc/templates/centos/stomp
RUBY_HOME="/opt/ruby"
GEMS_HOME="/opt/ruby"
GITORIOUS_HOME="/home/git/gitorious"

exit  #return to root

#next as root:

gem install --no-ri --no-rdoc -v 1.5.0 json
gem install --no-ri --no-rdoc -v 1.3.1.1 rdiscount

cd /home/git/gitorious
bundle install
bundle exec rake gems:install

gem install --no-ri --no-rdoc -v 0.8.7 rake
gem install --no-ri --no-rdoc -v 1.1.0 daemons

gem uninstall rake -v 0.9.1
gem uninstall daemons -v 1.1.3

gem uninstall geoip
#select all

gem install --no-ri --no-rdoc -v 0.8.9 geoip
gem install --no-ri --no-rdoc -v 1.0 raspell

cp config/database.sample.yml config/database.yml
cp config/gitorious.sample.yml config/gitorious.yml
cp config/broker.yml.example config/broker.yml

su git
mkdir /home/git/data
mkdir /home/git/data/repositories
mkdir /home/git/data/tarballs
mkdir /home/git/data/tarball-work
chown -R git:git /home/git/data
#enable key management
mkdir /home/git/.ssh
chmod -R 700 /home/git/.ssh
touch /home/git/.ssh/authorized_keys
chmod 600 /home/git/.ssh/authorized_keys
chmod -R 700 /home/git/data
exit #back to root

#permissions fix:
chown -R git:git /home/git
chmod 711 /home/git

At this point, we need to make a secret cookie for a configuration file.  Make note of the output from this command.

apg -m 64
#sample output below, DON’T use it!
[root@string ~]# apg -m 64
SwouncievNivJucivrevnisfookEcnasiarHamgogdipmopyicbyctyikBagArim
gronugAmIsUkDifpoyftEggobviuzIpArgecHewElsOcubnuejEtDecerlyooHib
smivyecivfalakMarfAvikokip^ojyorwahonkIrEdeibZepbivsaftIdmapmic)
frivetcetEceivepJuxNeipnidzaroyffAgVevfuIvDesemAfyacAppAtdeavays
wenEjUcoofnafryefGewboshkyersufcawJontIavZenFeifWoitGejEajnoiWry
sawidHewofOkheTwiOjFigWigbobinCushBurnErnodedLuenAtTeyznoynoryop

There are several environments for different modes of Ruby: Test, Development, and Production.  Although we have to set up the Development and Test environments (mostly to avoid errors and warnings), I will only use the Production environment in the end.  Also, don’t use the key above or below; I just inserted it to give you an idea of how it should look.

vim /home/git/gitorious/config/gitorious.yml

#For production, development, and test sections:
#copy paste exactly (new lines count), if you get an error below, this file will be where to look.
development:
  cookie_secret: SwouncievNivJucivrevnisfookEcnasiarHamgogdipmopyicbyctyikBagArimgronugAmIsUkDifpoyftEggobviuzIpArgecHewElsOcubnuejEtDecerlyooHibsmivyecivfalakMarfAvikokip^ojyorwahonkIrEdeibZepbivsaftIdmapmic)frivetcetEceivepJuxNeipnidzaroyffAgVevfuIvDesemAfyacAppAtdeavayswenEjUcoofnafryefGewboshkyersufcawJontIavZenFeifWoitGejEajnoiWrysawidHewofOkheTwiOjFigWigbobinCushBurnErnodedLuenAtTeyznoynoryop
  repository_base_path: "/home/git/data/repositories"
  extra_html_head_data:
  system_message:
  gitorious_client_port: 80
  gitorious_client_host: git.matthouse.us
  gitorious_host: git.matthouse.us
  gitorious_user: git
  exception_notification_emails: admin@matthouse.us
  mangle_email_addresses: true
  public_mode: true
  locale: en
  archive_cache_dir: "/home/git/data/tarballs"
  archive_work_dir: "/home/git/data/tarball-work"
  only_site_admins_can_create_projects: true
  hide_http_clone_urls: false
  is_gitorious_dot_org: false

test:
  cookie_secret: SwouncievNivJucivrevnisfookEcnasiarHamgogdipmopyicbyctyikBagArimgronugAmIsUkDifpoyftEggobviuzIpArgecHewElsOcubnuejEtDecerlyooHibsmivyecivfalakMarfAvikokip^ojyorwahonkIrEdeibZepbivsaftIdmapmic)frivetcetEceivepJuxNeipnidzaroyffAgVevfuIvDesemAfyacAppAtdeavayswenEjUcoofnafryefGewboshkyersufcawJontIavZenFeifWoitGejEajnoiWrysawidHewofOkheTwiOjFigWigbobinCushBurnErnodedLuenAtTeyznoynoryop
  repository_base_path: "/home/git/data/repositories"
  extra_html_head_data:
  system_message:
  gitorious_client_port: 80
  gitorious_client_host: git.matthouse.us
  gitorious_host: git.matthouse.us
  gitorious_user: git
  exception_notification_emails: admin@matthouse.us
  mangle_email_addresses: true
  public_mode: true
  locale: en
  archive_cache_dir: "/home/git/data/tarballs"
  archive_work_dir: "/home/git/data/tarball-work"
  only_site_admins_can_create_projects: true
  hide_http_clone_urls: false
  is_gitorious_dot_org: false

production:
  cookie_secret: SwouncievNivJucivrevnisfookEcnasiarHamgogdipmopyicbyctyikBagArimgronugAmIsUkDifpoyftEggobviuzIpArgecHewElsOcubnuejEtDecerlyooHibsmivyecivfalakMarfAvikokip^ojyorwahonkIrEdeibZepbivsaftIdmapmic)frivetcetEceivepJuxNeipnidzaroyffAgVevfuIvDesemAfyacAppAtdeavayswenEjUcoofnafryefGewboshkyersufcawJontIavZenFeifWoitGejEajnoiWrysawidHewofOkheTwiOjFigWigbobinCushBurnErnodedLuenAtTeyznoynoryop
  repository_base_path: "/home/git/data/repositories"
  extra_html_head_data:
  system_message:
  gitorious_client_port: 80
  gitorious_client_host: git.matthouse.us
  gitorious_host: git.matthouse.us
  gitorious_user: git
  exception_notification_emails: admin@matthouse.us
  mangle_email_addresses: true
  public_mode: true
  locale: en
  archive_cache_dir: "/home/git/data/tarballs"
  archive_work_dir: "/home/git/data/tarball-work"
  only_site_admins_can_create_projects: true
  hide_http_clone_urls: false
  is_gitorious_dot_org: false
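
One way to generate the cookie_secret directly from /dev/urandom and to audit gitorious.yml before the services are started, shown as an added example that is not part of the original post or of Gitorious. The function names, the 30-character minimum and the sample file are assumptions made for the example.

```sh
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Start of the sample secret printed in the post. It is public, so any
# cookie_secret beginning with it must be treated as compromised.
PUBLISHED_PREFIX="SwouncievNivJucivrevnisfook"
MIN_SECRET_LEN=30   # assumption: shortest secret this audit accepts
TAB=$(printf '\t')

# Print 2*N hex characters read from the kernel CSPRNG (default N=64).
gen_cookie_secret() {
    dd if=/dev/urandom bs=1 count="${1:-64}" 2>/dev/null |
        od -An -v -tx1 | tr -d ' \n'
    echo
}

# Print "section<TAB>secret" for every cookie_secret line in the file.
list_secrets() {
    awk '
        /^[A-Za-z_]+:[ \t]*$/ { section = $1; sub(/:$/, "", section); next }
        /^[ \t]+cookie_secret:/ {
            val = $0
            sub(/^[ \t]+cookie_secret:[ \t]*/, "", val)
            sub(/[ \t\r]+$/, "", val)
            gsub(/^"|"$/, "", val)
            print section "\t" val
        }' "$1"
}

# Print one finding per line; exit status 0 means nothing was found.
audit_gitorious_yml() {
    audit_out=$(
        list_secrets "$1" | while IFS="$TAB" read -r section secret; do
            if [ -z "$secret" ]; then
                echo "$section: cookie_secret is empty"
            elif [ "${secret#"$PUBLISHED_PREFIX"}" != "$secret" ]; then
                echo "$section: cookie_secret is the sample printed in the post"
            elif [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
                echo "$section: cookie_secret is shorter than $MIN_SECRET_LEN characters"
            fi
        done
        # -perm -004 matches when the "other" read bit is set.
        if [ -n "$(find "$1" -prune -perm -004)" ]; then
            echo "file: $1 is readable by every local user"
        fi
    )
    if [ -n "$audit_out" ]; then printf '%s\n' "$audit_out"; fi
    [ -z "$audit_out" ]
}

# Constructed sample: one section reuses the published secret, the other
# gets a fresh one; the file is left world-readable on purpose.
demo() {
    demo_file=$(mktemp) || return 1
    {
        printf 'test:\n  cookie_secret: %s\n' "$PUBLISHED_PREFIX"
        printf 'production:\n  cookie_secret: %s\n' "$(gen_cookie_secret)"
    } > "$demo_file"
    chmod 644 "$demo_file"
    audit_gitorious_yml "$demo_file" || true
    rm -f "$demo_file"
}
demo
```

Run `audit_gitorious_yml /home/git/gitorious/config/gitorious.yml` after editing the file; a clean result prints nothing and returns 0.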

Now let’s configure the broker.  For a while, I was confused about why other guides had me install both stomp and activemq.  It turns out that you only need one or the other.  For me, stomp was more memory friendly, so I chose that.  Towards the end of this blog, I also provide the procedure for installing ActiveMQ (which doesn’t pertain to what I’m installing).  If you want ActiveMQ, I believe you simply have to replace “stomp” below with “activemq” (although I didn’t test that) and install ActiveMQ around this point (as detailed at the end).

vim /home/git/gitorious/config/broker.yml

production:
    adapter: stomp
development:
    adapter: stomp
test:
    adapter: stomp

Now let’s go through some more commands, including database configuration.  Replace the placeholders with your own values.

#permissions fix:
chown -R git:git /home/git

mysql -uroot -p'<ROOT MYSQL PASSWORD>'

create database gitorious;
create database gitorious_test;
create database gitorious_dev;
CREATE user 'git'@'localhost' IDENTIFIED BY '<PASSWORD>';
GRANT ALL ON gitorious.* TO 'git'@'localhost';
GRANT ALL ON gitorious_test.* TO 'git'@'localhost';
GRANT ALL ON gitorious_dev.* TO 'git'@'localhost';
FLUSH privileges;
exit;

One more major edit to a file to go!  Once again, replace the password placeholder with the one you used above.

vim /home/git/gitorious/config/database.yml

development:
  adapter: mysql
  database: gitorious_dev
  username: git
  password: <PASSWORD>
  host: localhost
  encoding: utf8

test:
  adapter: mysql
  database: gitorious_test
  username: git
  password: <PASSWORD>
  host: localhost
  encoding: utf8

production:
  adapter: mysql
  database: gitorious
  username: git
  password: <PASSWORD>
  host: localhost
  encoding: utf8

Now some more commands to configure gitorious.  I was a little obsessive with fixing permissions (since I did a lot as root), but I wanted to make sure that I wouldn’t hit unknown errors and bugs.

#fix permissions
cd /home
chown -R git:git /home/git
cd /home/git
chmod -R 755 data
chmod 755 gitorious

cd /home/git/gitorious
bundle exec rake db:create:all
bundle exec rake db:setup
bundle exec rake db:migrate

#fix permissions
cd /home
chown -R git:git /home/git
cd /home/git
chmod -R 755 data
chmod 755 gitorious

It’s now time to start some services related to Gitorious.  Make sure that there are no errors in this section.  I recommend executing line by line.

ln -s /home/git/gitorious/doc/templates/centos/git-daemon /etc/init.d/git-daemon
chmod +x /etc/init.d/git-daemon
chkconfig --add git-daemon
service git-daemon start

ln -s /home/git/gitorious/doc/templates/centos/stomp /etc/init.d/stomp
chmod +x /etc/init.d/stomp
chkconfig --add stomp
service stomp start

ln -s /home/git/gitorious/doc/templates/centos/git-poller /etc/init.d/git-poller
chmod +x /etc/init.d/git-poller
chkconfig --add git-poller
service git-poller start

At this point, we can get into the Apache configuration.  To download from gitorious, we need mod_xsendfile.  To the best of my knowledge, Gitorious drops the executable bit off from the tar archives it creates, so the files cannot be accessed traditionally.  This presents a problem and this modification makes the files downloadable without the executable bit being set.

yum install -y httpd httpd-devel mod_xsendfile
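#mod qos for slowloris attack control and DoS attack control
cd ~
mkdir apachemod
cd apachemod
#-O names the saved file so the tar command below finds it (the URL ends in /download)
wget -O mod_qos-9.57.tar.gz http://sourceforge.net/projects/mod-qos/files/mod_qos-9.57.tar.gz/download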
tar xzf mod_qos-9.57.tar.gz
cd mod_qos-9.57/apache2
apxs -i -c mod_qos.c
chmod 755 /usr/lib64/httpd/modules/mod_qos.so
#configure xsendfile

vim /etc/httpd/conf.d/xsendfile.conf
#add below LoadModule line
XSendFile on
XSendFilePath /home/git/data/tarballs
#UPDATE 6/8/11: Add a path to the repositories folder for git to work over http.
XSendFilePath /home/git/data/repositories

#install ruby Passenger to make Ruby applications work on Apache.

/opt/ruby-enterprise-1.8.7-2011.03/bin/passenger-install-apache2-module
#accept the defaults

At this point, we now need to configure Apache.  I do this with a two file approach separating the website configuration from the server configuration.  If you copy paste my httpd.conf file, it will serve you well, provided you change the “ServerAdmin” and “ServerName” directives (options).  The same isn’t true of my host.conf file, you’re going to have to modify that for your particular installation.

cd /etc/httpd/conf
vim httpd.conf

### Section 1: Global Environment
ServerTokens OS
ServerRoot "/etc/httpd"
PidFile run/httpd.pid
Timeout 120
KeepAlive Off
MaxKeepAliveRequests 100
KeepAliveTimeout 15
Listen 80

LoadModule auth_basic_module modules/mod_auth_basic.so
LoadModule auth_digest_module modules/mod_auth_digest.so
LoadModule authn_file_module modules/mod_authn_file.so
LoadModule authn_alias_module modules/mod_authn_alias.so
LoadModule authn_anon_module modules/mod_authn_anon.so
LoadModule authn_dbm_module modules/mod_authn_dbm.so
LoadModule authn_default_module modules/mod_authn_default.so
LoadModule authz_host_module modules/mod_authz_host.so
LoadModule authz_user_module modules/mod_authz_user.so
LoadModule authz_owner_module modules/mod_authz_owner.so
LoadModule authz_groupfile_module modules/mod_authz_groupfile.so
LoadModule authz_dbm_module modules/mod_authz_dbm.so
LoadModule authz_default_module modules/mod_authz_default.so
LoadModule ldap_module modules/mod_ldap.so
LoadModule authnz_ldap_module modules/mod_authnz_ldap.so
LoadModule include_module modules/mod_include.so
LoadModule log_config_module modules/mod_log_config.so
LoadModule logio_module modules/mod_logio.so
LoadModule env_module modules/mod_env.so
LoadModule ext_filter_module modules/mod_ext_filter.so
LoadModule mime_magic_module modules/mod_mime_magic.so
LoadModule expires_module modules/mod_expires.so
LoadModule deflate_module modules/mod_deflate.so
LoadModule headers_module modules/mod_headers.so
LoadModule usertrack_module modules/mod_usertrack.so
LoadModule setenvif_module modules/mod_setenvif.so
LoadModule mime_module modules/mod_mime.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule info_module modules/mod_info.so
LoadModule dav_fs_module modules/mod_dav_fs.so
LoadModule vhost_alias_module modules/mod_vhost_alias.so
LoadModule negotiation_module modules/mod_negotiation.so
LoadModule dir_module modules/mod_dir.so
LoadModule actions_module modules/mod_actions.so
LoadModule speling_module modules/mod_speling.so
LoadModule userdir_module modules/mod_userdir.so
LoadModule alias_module modules/mod_alias.so
LoadModule rewrite_module modules/mod_rewrite.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule cache_module modules/mod_cache.so
LoadModule suexec_module modules/mod_suexec.so
LoadModule disk_cache_module modules/mod_disk_cache.so
LoadModule file_cache_module modules/mod_file_cache.so
#LoadModule mem_cache_module modules/mod_mem_cache.so
LoadModule cgi_module modules/mod_cgi.so
LoadModule version_module modules/mod_version.so
#LoadModule cern_meta_module modules/mod_cern_meta.so
#LoadModule asis_module modules/mod_asis.so

LoadModule unique_id_module modules/mod_unique_id.so
LoadModule qos_module /usr/lib64/httpd/modules/mod_qos.so

LoadModule passenger_module /opt/ruby/lib/ruby/gems/1.8/gems/passenger-3.0.7/ext/apache2/mod_passenger.so
   PassengerRoot /opt/ruby/lib/ruby/gems/1.8/gems/passenger-3.0.7
   PassengerRuby /opt/ruby/bin/ruby

Include conf.d/*.conf
#ExtendedStatus On
User apache
Group apache

### Section 2: 'Main' server configuration

ServerAdmin admin@matthouse.us
ServerName string.matthouse.us:80
UseCanonicalName Off
DocumentRoot "/var/www/html"

<Directory />
    Options FollowSymLinks
    AllowOverride All
</Directory>

<IfModule mod_userdir.c>
    UserDir public_html
</IfModule>

DirectoryIndex index.html index.html.var index.htm
AccessFileName .htaccess

#deny serving ht files
<Files ~ "^\.ht">
    Order allow,deny
    Deny from all
</Files>

TypesConfig /etc/mime.types
DefaultType text/plain
<IfModule mod_mime_magic.c>
#   MIMEMagicFile /usr/share/magic.mime
    MIMEMagicFile conf/magic
</IfModule>

HostnameLookups Off
#EnableMMAP off
#EnableSendfile off
ErrorLog logs/error_log
LogLevel warn

LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio

#CustomLog logs/access_log common
#CustomLog logs/referer_log referer
#CustomLog logs/agent_log agent
CustomLog logs/access_log combined

ServerSignature On

Alias /icons/ "/var/www/icons/"
<Directory "/var/www/icons">
    Options Indexes MultiViews
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

#
# WebDAV module configuration section.
#
<IfModule mod_dav_fs.c>
    # Location of the WebDAV lock database.
    DAVLockDB /var/lib/dav/lockdb
</IfModule>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
<Directory "/var/www/cgi-bin">
    AllowOverride All
    Options None
    Order allow,deny
    Allow from all
</Directory>

# Redirect permanent /foo http://www.example.com/bar

# Directives controlling the display of server-generated directory listings.
IndexOptions FancyIndexing VersionSort NameWidth=* HTMLTable
AddIconByEncoding (CMP,/icons/compressed.gif) x-compress x-gzip
AddIconByType (TXT,/icons/text.gif) text/*
AddIconByType (IMG,/icons/image2.gif) image/*
AddIconByType (SND,/icons/sound2.gif) audio/*
AddIconByType (VID,/icons/movie.gif) video/*
AddIcon /icons/binary.gif .bin .exe
AddIcon /icons/binhex.gif .hqx
AddIcon /icons/tar.gif .tar
AddIcon /icons/world2.gif .wrl .wrl.gz .vrml .vrm .iv
AddIcon /icons/compressed.gif .Z .z .tgz .gz .zip
AddIcon /icons/a.gif .ps .ai .eps
AddIcon /icons/layout.gif .html .shtml .htm .pdf
AddIcon /icons/text.gif .txt
AddIcon /icons/c.gif .c
AddIcon /icons/p.gif .pl .py
AddIcon /icons/f.gif .for
AddIcon /icons/dvi.gif .dvi
AddIcon /icons/uuencoded.gif .uu
AddIcon /icons/script.gif .conf .sh .shar .csh .ksh .tcl
AddIcon /icons/tex.gif .tex
AddIcon /icons/bomb.gif core
AddIcon /icons/back.gif ..
AddIcon /icons/hand.right.gif README
AddIcon /icons/folder.gif ^^DIRECTORY^^
AddIcon /icons/blank.gif ^^BLANKICON^^
DefaultIcon /icons/unknown.gif
#AddDescription "GZIP compressed document" .gz
#AddDescription "tar archive" .tar
#AddDescription "GZIP compressed tar archive" .tgz
ReadmeName README.html
HeaderName HEADER.html
IndexIgnore .??* *~ *# HEADER* README* RCS CVS *,v *,t

AddLanguage ca .ca
AddLanguage cs .cz .cs
AddLanguage da .dk
AddLanguage de .de
AddLanguage el .el
AddLanguage en .en
AddLanguage eo .eo
AddLanguage es .es
AddLanguage et .et
AddLanguage fr .fr
AddLanguage he .he
AddLanguage hr .hr
AddLanguage it .it
AddLanguage ja .ja
AddLanguage ko .ko
AddLanguage ltz .ltz
AddLanguage nl .nl
AddLanguage nn .nn
AddLanguage no .no
AddLanguage pl .po
AddLanguage pt .pt
AddLanguage pt-BR .pt-br
AddLanguage ru .ru
AddLanguage sv .sv
AddLanguage zh-CN .zh-cn
AddLanguage zh-TW .zh-tw
LanguagePriority en ca cs da de el eo es et fr he hr it ja ko ltz nl nn no pl pt pt-BR ru sv zh-CN zh-TW
ForceLanguagePriority Prefer Fallback
AddDefaultCharset UTF-8
#AddType application/x-tar .tgz
#AddEncoding x-compress .Z
#AddEncoding x-gzip .gz .tgz
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz

AddHandler cgi-script .cgi .pl
#AddHandler send-as-is asis
AddHandler type-map var
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml

# 1) plain text 2) local redirects 3) external redirects
#ErrorDocument 500 "The server made a boo boo."
#ErrorDocument 404 /missing.html
#ErrorDocument 404 "/cgi-bin/missing_handler.pl"
#ErrorDocument 402 http://www.example.com/subscription_info.html

Alias /error/ "/var/www/error/"

<IfModule mod_negotiation.c>
<IfModule mod_include.c>
    <Directory "/var/www/error">
        AllowOverride None
        Options IncludesNoExec
        AddOutputFilter Includes html
        AddHandler type-map var
        Order allow,deny
        Allow from all
        LanguagePriority en es de fr
        ForceLanguagePriority Prefer Fallback
    </Directory>

#    ErrorDocument 400 /error/HTTP_BAD_REQUEST.html.var
#    ErrorDocument 401 /error/HTTP_UNAUTHORIZED.html.var
#    ErrorDocument 403 /error/HTTP_FORBIDDEN.html.var
#    ErrorDocument 404 /error/HTTP_NOT_FOUND.html.var
#    ErrorDocument 405 /error/HTTP_METHOD_NOT_ALLOWED.html.var
#    ErrorDocument 408 /error/HTTP_REQUEST_TIME_OUT.html.var
#    ErrorDocument 410 /error/HTTP_GONE.html.var
#    ErrorDocument 411 /error/HTTP_LENGTH_REQUIRED.html.var
#    ErrorDocument 412 /error/HTTP_PRECONDITION_FAILED.html.var
#    ErrorDocument 413 /error/HTTP_REQUEST_ENTITY_TOO_LARGE.html.var
#    ErrorDocument 414 /error/HTTP_REQUEST_URI_TOO_LARGE.html.var
#    ErrorDocument 415 /error/HTTP_UNSUPPORTED_MEDIA_TYPE.html.var
#    ErrorDocument 500 /error/HTTP_INTERNAL_SERVER_ERROR.html.var
#    ErrorDocument 501 /error/HTTP_NOT_IMPLEMENTED.html.var
#    ErrorDocument 502 /error/HTTP_BAD_GATEWAY.html.var
#    ErrorDocument 503 /error/HTTP_SERVICE_UNAVAILABLE.html.var
#    ErrorDocument 506 /error/HTTP_VARIANT_ALSO_VARIES.html.var

</IfModule>
</IfModule>

BrowserMatch "Mozilla/2" nokeepalive
BrowserMatch "MSIE 4.0b2;" nokeepalive downgrade-1.0 force-response-1.0
BrowserMatch "RealPlayer 4.0" force-response-1.0
BrowserMatch "Java/1.0" force-response-1.0
BrowserMatch "JDK/1.0" force-response-1.0
BrowserMatch "Microsoft Data Access Internet Publishing Provider" redirect-carefully
BrowserMatch "MS FrontPage" redirect-carefully
BrowserMatch "^WebDrive" redirect-carefully
BrowserMatch "^WebDAVFS/1.[0123]" redirect-carefully
BrowserMatch "^gnome-vfs/1.0" redirect-carefully
BrowserMatch "^XML Spy" redirect-carefully
BrowserMatch "^Dreamweaver-WebDAV-SCM1" redirect-carefully

<IfModule prefork.c>
StartServers       1
MinSpareServers    1
MaxSpareServers  1
ServerLimit      128
MaxClients       128
MaxRequestsPerChild  1000
</IfModule>

### Section 3: CONF STUFF
Include conf/host.conf

Next is the virtual host configuration.  I chose to use https / ssl with a self-signed certificate, so that procedure is below.  The following probably won’t be a perfect cut / paste for you, but it will be close enough provided you fill in the blanks.  If you wish to not use https, simply copy the basic host.conf file and remove the SSL elements (including the port 443 stuff).

cd ~
yum install -y mod_ssl openssl
openssl genrsa -out ca.key 2048
openssl req -new -key ca.key -out ca.csr
#Enter in the information

#sample information
#Country Name (2 letter code) [GB]:US
#State or Province Name (full name) [Berkshire]:NEW YORK
#Locality Name (eg, city) [Newbury]:GREAT VALLEY
#Organization Name (eg, company) [My Company Ltd]:MATTHOUSE
#Organizational Unit Name (eg, section) []:
#Common Name (eg, your name or your server's hostname) []:string.matthouse.us
#Email Address []:admin@matthouse.us
#
#Please enter the following 'extra' attributes to be sent with your certificate request
#A challenge password []:
#An optional company name []:

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.disabled

Now we make the virtualhost include file.

vim /etc/httpd/conf/host.conf

#enable ~user home directories.
<Directory /home/*/public_html>
    Options MultiViews Indexes SymLinksIfOwnerMatch Includes ExecCGI
    AllowOverride All
    Order allow,deny
    Allow from all
</Directory>

NameVirtualHost *:80

<VirtualHost *:80>
        ServerName  string.matthouse.us
        ServerAlias www.string.matthouse.us
        ServerAdmin admin@matthouse.us
        DocumentRoot /var/www
        ErrorLog  /var/www/error.log
        CustomLog /var/www/access.log combined
</VirtualHost>

<VirtualHost *:80>
        ServerName  git.matthouse.us
        ServerAdmin admin@matthouse.us
        DocumentRoot /home/git/gitorious/public
        ErrorLog  /var/www/errorgit.log
        CustomLog /var/www/accessgit.log combined
#customlog is good for awstats software
        <Directory /home/git/gitorious/public>
          AllowOverride all
          Options -MultiViews
        </Directory>
</VirtualHost>

LoadModule ssl_module modules/mod_ssl.so
Listen 443
AddType application/x-x509-ca-cert .crt
AddType application/x-pkcs7-crl    .crl
SSLPassPhraseDialog  builtin
SSLSessionCache         shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout  300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom  256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin

NameVirtualHost *:443

<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
        ServerName  git.matthouse.us
        ServerAdmin admin@matthouse.us
        DocumentRoot /home/git/gitorious/public
        ErrorLog  /var/www/errorgit.log
        CustomLog /var/www/accessgit.log combined
        <Directory /home/git/gitorious/public>
          AllowOverride all
          Options -MultiViews
        </Directory>
</VirtualHost>
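One way to lint the SSL directives in host.conf for legacy settings, as an added example that is not part of the original post. The function names are hypothetical, the protocol logic assumes httpd 2.2 semantics (where `all` still includes SSLv2 and SSLv3), and the sample input is constructed from the two directives in the virtual host above.

```shell
#!/bin/sh
# Added example (not from the original post): lint mod_ssl directives.
# Class-level heuristic; it does not reimplement OpenSSL's cipher-list parser.

# Print the legacy protocols an SSLProtocol argument list leaves enabled.
# Assumes httpd 2.2 semantics: "all" includes SSLv2 and SSLv3, a bare name
# replaces the current set, +name adds to it, -name removes from it.
legacy_protocols() {
    lp_v2=0; lp_v3=0
    for lp_tok in $1; do
        case $lp_tok in
            +*) lp_op=add; lp_name=${lp_tok#?} ;;
            -*) lp_op=del; lp_name=${lp_tok#?} ;;
            *)  lp_op=set; lp_name=$lp_tok ;;
        esac
        case $(printf '%s' "$lp_name" | tr '[:upper:]' '[:lower:]') in
            all)   lp_t2=1; lp_t3=1 ;;
            sslv2) lp_t2=1; lp_t3=0 ;;
            sslv3) lp_t2=0; lp_t3=1 ;;
            *)     lp_t2=0; lp_t3=0 ;;      # TLS versions are not flagged
        esac
        # apply the operation to each legacy-protocol flag
        case $lp_op$lp_t2 in set?) lp_v2=$lp_t2 ;; add1) lp_v2=1 ;; del1) lp_v2=0 ;; esac
        case $lp_op$lp_t3 in set?) lp_v3=$lp_t3 ;; add1) lp_v3=1 ;; del1) lp_v3=0 ;; esac
    done
    lp_out=""
    if [ "$lp_v2" = 1 ]; then lp_out="SSLv2"; fi
    if [ "$lp_v3" = 1 ]; then lp_out="${lp_out:+$lp_out }SSLv3"; fi
    printf '%s\n' "$lp_out"
}

# Remove word $2 from the space-separated list $1.
del_word() {
    for dw in $1; do
        if [ "$dw" != "$2" ]; then printf '%s ' "$dw"; fi
    done
}

# Print the weak cipher classes (LOW, EXPORT, RC4) that an SSLCipherSuite
# string leaves selected. "!X" removes a class for good, "-X" removes it, and
# "+X" only moves ciphers that are already selected to the end of the list.
weak_cipher_classes() {
    wc_on=""; wc_dead=""
    for wc_tok in $(printf '%s' "$1" | tr ':' ' '); do
        case $wc_tok in
            +*)   continue ;;
            '!'*) wc_act=kill; wc_body=${wc_tok#?} ;;
            -*)   wc_act=drop; wc_body=${wc_tok#?} ;;
            *)    wc_act=add;  wc_body=$wc_tok ;;
        esac
        if [ "$wc_body" = EXP ]; then wc_body=EXPORT; fi
        for wc_class in LOW EXPORT RC4; do
            if [ "$wc_act" = add ]; then
                case " $wc_dead " in *" $wc_class "*) continue ;; esac
                # ALL, the class name, or a combination such as RC4+RSA selects it
                case "+$wc_body+" in
                    +ALL+|*"+$wc_class+"*)
                        wc_on="$(del_word "$wc_on" "$wc_class")$wc_class" ;;
                esac
            elif [ "$wc_body" = "$wc_class" ] || [ "$wc_body" = ALL ]; then
                # only an exact class name (or ALL) removes the whole class
                wc_on=$(del_word "$wc_on" "$wc_class")
                if [ "$wc_act" = kill ]; then wc_dead="$wc_dead $wc_class"; fi
            fi
        done
    done
    echo $wc_on
}

# Audit one config file: print a line per finding, return 1 if any were found.
audit_ssl_conf() {
    as_found=0
    while read -r as_dir as_args; do
        case $(printf '%s' "$as_dir" | tr '[:upper:]' '[:lower:]') in
            sslprotocol)    as_bad=$(legacy_protocols "$as_args") ;;
            sslciphersuite) as_bad=$(weak_cipher_classes "$as_args") ;;
            *) continue ;;
        esac
        for as_item in $as_bad; do
            printf '%s: %s left enabled by "%s %s"\n' "$1" "$as_item" "$as_dir" "$as_args"
            as_found=1
        done
    done < "$1"
    [ "$as_found" -eq 0 ]
}

# Constructed sample: the SSL directives from the virtual host above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
<VirtualHost *:443>
        SSLProtocol all -SSLv2
        SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
</VirtualHost>
EOF
audit_ssl_conf "$conf" || echo "legacy settings found in $conf"
rm -f "$conf"
```

Run against the directives above it reports SSLv3, LOW and RC4; a pair such as `SSLProtocol all -SSLv2 -SSLv3` with `SSLCipherSuite HIGH:!aNULL:!MD5` passes.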

At this point, test the Apache server configuration and start it.  Then we will fix permissions once more.

service httpd configtest
service httpd start
#fix permissions again
cd /home
chmod 711 git
chown -R git:git git

It’s now time to add a Gitorious user!

su git
cd ~/gitorious
env RAILS_ENV=production script/create_admin

#sample
Type in Administrator's e-mail:
admin@matthouse.us
Type in Administrator's password:
<APASSWORD>
Admin user created successfully.

exit
#exit back to root

Next, if you wish to disable most of the SSL links on your Gitorious install, do the following (I did this).  In the install that I did, I enabled SSL so that for the few links that went to https sites, Gitorious would continue to work (with a few warnings of course because self-signed certificates aren’t trusted and I’m not paying for a trusted rapidssl certificate for how little I am going to use Gitorious myself).

UPDATE 6/8/11: The SSLRequirement directive is no longer required in production.rb (below).  Instead, add “disable_ssl” OR “enable_ssl” as a line to the file /home/git/gitorious/config/gitorious.yml (as the git user).

#disable SSL links (for the most part)
su git
vim ~/gitorious/config/environments/production.rb
#add the following line somewhere in the file at the top:
SslRequirement.disable_ssl_check = true
exit
#exit back to root

It’s now time to configure ultrasphinx.  I believe that this is used mostly for indexing and searching the Gitorious site, but it could be used for other functionality too.

cd /home/git/gitorious 

export RAILS_ENV=production
export PATH=/usr/local/sphinx/bin:$PATH

bundle exec rake ultrasphinx:configure RAILS_ENV=production
bundle exec rake ultrasphinx:index RAILS_ENV=production
bundle exec rake ultrasphinx:daemon:start RAILS_ENV=production

#the following command builds the sphinx dictionary.  For me it seg faults, but gets rid of a pesky dictionary error.
cd /home/git/gitorious
aspell config dict-dir
   /usr/lib64/aspell-0.60
cp vendor/plugins/ultrasphinx/examples/ap.multi /usr/lib64/aspell-0.60/
#the next command segfaults, but it makes an annoying error go away in a log
bundle exec rake ultrasphinx:spelling:build

#due to some deprecation in code, the following two changes need to happen:
vim /home/git/gitorious/config/ultrasphinx/production.conf

#change "address" to "listen" due to deprecation
  listen = 0.0.0.0
#change memlimit from 256 to 64 to conserve memory
indexer {
  mem_limit = 64M

#Finally, we need to make git-ultrasphinx a daemon.
ln -s /home/git/gitorious/doc/templates/centos/git-ultrasphinx /etc/init.d/git-ultrasphinx
chmod +x /etc/init.d/git-ultrasphinx

#make mysqld and httpd start automatically
chkconfig mysqld on
chkconfig httpd on

#a few bug fixes
ln -s /usr/local/bin/gitorious /usr/bin

#install imagemagick via yum
#yes, we compiled from source to get rid of an error… but gitorious will have other errors if we don’t
yum -y install ImageMagick

#One last time, I will fix the permissions
cd /home
chown -R git:git /home/git
cd /home/git
chmod -R 755 data
chmod 755 gitorious

We now need to install memcached for Gitorious.  I originally thought this was strictly for performance, but Gitorious expects it to be installed.  I use the remi repository for this since the other repositories have broken dependencies.

yum install -y --enablerepo=remi memcached
service memcached start
chkconfig memcached on

At this point, everything is almost configured fully.  I don’t start the git daemons / services automatically with chkconfig because they won’t run at system startup (I don’t know why).  Therefore, I created a special script and made that start automatically upon reboot using the cron daemon (using the @reboot option).

vim /root/startup.sh

#!/bin/sh
/etc/init.d/stomp start
/etc/init.d/git-daemon start
/etc/init.d/git-poller start
/etc/init.d/git-ultrasphinx start

#make the script executable so cron can run it
chmod +x /root/startup.sh
crontab -e
#add the following to root’s crontab
MAILTO=""
@reboot /root/startup.sh

Next, we need to index the Gitorious site every hour.

su git
crontab -e
#add the following to git’s cron, which indexes the site every hour (at minute 0)
MAILTO=""
0 * * * * cd /home/git/gitorious && /opt/ruby/bin/rake ultrasphinx:index RAILS_ENV=production
exit
#exit to root

Finally, reboot the VPS.  With any luck, everything will work once it’s rebooted.  I went to the site and tested the following functionality:

  • Adding an ssh key
  • Adding a new repository
  • Adding a wiki page
  • Deleting the above stuff
  • Committing to the repository from a local repository

The above is all I required of Gitorious.  Unfortunately, the included tests did not successfully complete for me due to the memory restrictions, but I saw several errors.  I don’t think the tests would fully pass, but the basic functionality that I need is present and that is what matters.  Below is what you can do (as root) to run the tests for yourself.

cd /home/git/gitorious
bundle exec rake test

With the above said, I then went ahead and configured a simple firewall to protect the Gitorious machine.  Below was the procedure for that.

vim /etc/firewall.sh

#!/bin/bash
# My system IP/set ip address of server
SERVER_IP="205.234.203.115"
# Flushing all rules
iptables -F
iptables -X

# Setting default filter policy
service iptables restart
iptables -F
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT

#allowed inbound
#loopback, so local services (MySQL, memcached, stomp) stay reachable with INPUT set to DROP
iptables -A INPUT -i lo -j ACCEPT
#ssh
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
#http
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
#https
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
#git protocol (git-daemon)
iptables -A INPUT -p tcp -s 0/0 -d $SERVER_IP --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT

#replies to connections that are already established
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
#allow ping
iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
iptables  -A INPUT -j DROP

Next, we need to add the firewall to system startup.

chmod +x /etc/firewall.sh

crontab -e
#add the following at the bottom
@reboot /etc/firewall.sh

The (relatively simple) firewall is now configured to allow incoming pings to the server, SSH access, HTTP and HTTPS access, and Git access using the git protocol.  If you have issues like I did with an unknown error, your VPS provider will have to enable the connection tracking feature of IPTables for you; otherwise committing to a Gitorious repository will not work.
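A check that the rules actually loaded match what the firewall script is meant to open, as an added example that is not part of the original post. It reads `iptables-save` output on stdin; the function name, the two constructed rulesets (using a documentation address) and the requirement for a loopback ACCEPT rule are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): compare loaded INPUT rules
# (iptables-save format, on stdin) with the inbound ports that should be open.

# check_input_rules "22 80 443 9418" < ruleset
# Prints one line per problem; returns 0 only when none were found.
check_input_rules() {
    ci_allowed=" $1 "
    ci_policy=""; ci_lo=0; ci_bad=0
    while read -r ci_line; do
        case $ci_line in
            ":INPUT "*)                      # chain header, e.g. ":INPUT DROP [0:0]"
                ci_policy=${ci_line#:INPUT }
                ci_policy=${ci_policy%% *}
                continue ;;
            "-A INPUT "*) ;;
            *) continue ;;
        esac
        # only rules that let traffic in matter here
        case " $ci_line " in *" -j ACCEPT "*) ;; *) continue ;; esac
        case " $ci_line " in *" -i lo "*) ci_lo=1; continue ;; esac
        case $ci_line in
            *"--dports "*) ci_ports=${ci_line#*--dports } ;;
            *"--dport "*)  ci_ports=${ci_line#*--dport } ;;
            "-A INPUT -j ACCEPT")
                echo "rule accepts all inbound traffic: $ci_line"; ci_bad=1; continue ;;
            *) continue ;;                   # state and icmp rules carry no port
        esac
        ci_ports=$(printf '%s' "${ci_ports%% *}" | tr ',' ' ')
        for ci_p in $ci_ports; do
            case $ci_allowed in
                *" $ci_p "*) ;;
                *) echo "unexpected inbound port $ci_p: $ci_line"; ci_bad=1 ;;
            esac
        done
    done
    if [ "$ci_policy" != DROP ]; then
        echo "INPUT policy is ${ci_policy:-unknown}, expected DROP"; ci_bad=1
    fi
    if [ "$ci_lo" -ne 1 ]; then
        echo "no loopback ACCEPT rule: local services are cut off under policy DROP"; ci_bad=1
    fi
    [ "$ci_bad" -eq 0 ]
}

# Constructed sample: what iptables-save could show after the script has run.
intended() {
cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp -m tcp --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp -m tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -d 192.0.2.10 -p tcp -m tcp --dport 9418 -m state --state NEW,ESTABLISHED -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
}

# Constructed sample: a ruleset that has drifted (open policy, memcached exposed).
drifted() {
cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443,11211 -j ACCEPT
COMMIT
EOF
}

allowed="22 80 443 9418"
intended | check_input_rules "$allowed" && echo "intended ruleset: ok"
drifted  | check_input_rules "$allowed" || echo "drifted ruleset: needs attention"
```

On the server itself, feed it the live table with `iptables-save -t filter | check_input_rules "22 80 443 9418"`.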

I also configured sendmail to send mail from this machine appropriately.  Below is a simple procedure for this.  You could get a lot more in depth, but it isn’t necessary.  Note that using this method, all mail will be sent from user@string.matthouse.us in my case (since this is the machine hostname).

vim /etc/mail/local-host-names
#add local hosts as appropriate
localhost
string.matthouse.us
git.matthouse.us

vim /root/.forward
#add your email address to the first line
admin@matthouse.us

service sendmail restart

With that, the Gitorious install is officially installed.  I will not continue onto the ActiveMQ installation as mentioned above; this is only required if you chose to use ActiveMQ as a broker instead of Stomp.

Below is the ActiveMQ installation procedure (as written in my internal documentation) for your enjoyment.  I will not explain this, but I thought it would be appropriate to include it since I originally followed it to a dead end!  This is strictly not required for the above installation and will do nothing to help you if you’re getting errors above (while using stomp as I did).

wget http://apache.spd.co.il/activemq/apache-activemq/5.5.0/apache-activemq-5.5.0-bin.tar.gz
tar xzvf apache-activemq-5.5.0-bin.tar.gz
mv apache-activemq-5.5.0 /usr/local/apache-activemq5.50
cd /usr/local
ln -s apache-activemq5.50 apache-activemq
cd ~
adduser activemq
chown -R activemq /usr/local/apache-activemq/data

cd /usr/local/apache-activemq5.50/

vim bin/activemq

#change comments to:

 ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote.ssl=false"
#ACTIVEMQ_SUNJMX_START="$ACTIVEMQ_SUNJMX_START -Dcom.sun.management.jmxremote"

vim /usr/local/apache-activemq/bin/activemq-admin
find: ACTIVEMQ_OPTS="-Xmx512M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties"
replace: ACTIVEMQ_OPTS="-Xmx64M -Dorg.apache.activemq.UseDedicatedTaskRunner=true -Djava.util.logging.config.file=logging.properties"

vim activemqstart.sh

#!/bin/bash
export JAVA_HOME=/usr/lib/jvm/jre
export _JAVA_OPTIONS=-Xmx64m
/usr/local/apache-activemq/bin/activemq-admin start &

vim activemqstop.sh

#!/bin/bash
export JAVA_HOME=/usr/lib/jvm/jre
export _JAVA_OPTIONS=-Xmx64m
/usr/local/apache-activemq/bin/activemq-admin stop

chmod +x activemqstart.sh
chmod +x activemqstop.sh

cd /etc/init.d
vim activemq

#!/bin/bash
#
# activemq       Starts ActiveMQ.
#
#
# chkconfig: 345 88 12
# description: ActiveMQ is a JMS Messaging Queue Server.
### BEGIN INIT INFO
# Provides: $activemq
### END INIT INFO

# Source function library.
. /etc/init.d/functions

export _JAVA_OPTIONS=-Xmx64m

[ -f /usr/local/apache-activemq/activemqstart.sh ] || exit 0
[ -f /usr/local/apache-activemq/activemqstop.sh ] || exit 0

RETVAL=0

umask 077

start() {
       echo -n $"Starting ActiveMQ: "
       daemon /usr/local/apache-activemq/activemqstart.sh
       echo
       return $RETVAL
}
stop() {
       echo -n $"Shutting down ActiveMQ: "
       daemon su -c /usr/local/apache-activemq/activemqstop.sh activemq
       echo
       return $RETVAL
}
restart() {
       stop
       start
}
case "$1" in
 start)
       start
       ;;
 stop)
       stop
       ;;
 restart|reload)
       restart
       ;;
 *)
       echo $"Usage: $0 {start|stop|restart}"
       exit 1
esac

exit $?

#run these commands
chmod +x activemq
chkconfig activemq on

Whew, this is the longest blog I’ve ever written!  That just goes to show the complexity of Gitorious, not to mention the administrative overhead of maintaining Ruby and Imagemagick, possibly even ActiveMQ (since they were installed from source).  This blog post is in no way shape or form a complete guide to getting Gitorious installed and functional, but it will help get you most of the way there.  Because of the complexity of this software, I will likely not be of much help for any problems that I might be asked to help resolve.  As a disclaimer, use the information in this blog post at your own risk, I’m not responsible for the loss of any data, time or profits that you might incur from following this guide.

As always, thanks for reading!

Special thanks to Marius Mathiesen for comments about inaccuracies in this tutorial.  Information is up to date as of 6/8/2011.

This entry was posted on Friday, June 3rd, 2011 at 5:07 pm and is filed under Hosting / Server Administration, My Site, Programming, Technology.

43 Responses to “Installing Gitorious on CentOS 5.6 x64”

  1. Royce says:

    Hopefully, the thousands of dollars I’ll be throwing at college will allow me to one day understand all of this. :P

  2. Hey, it’s not that complicated, I remember doing this when I was 15 (I used to play with roots and mIRc Bots and channels). It’s a simple linux OS, and those are some elementary commands that you use, just like in MS-Dos (windows)

  3. Daryl says:

    Thanks for sharing, this is a fantastic article. Really looking forward to read more. Really Great….

  4. Jere Krischel says:

    Hey, great walkthrough, thank you very much!

    I had a few edits along the way (which I’m more than happy to share), but pretty much everything worked out in the end except for the /root/startup.sh script.

    As it stands, on reboot, only stomp starts correctly. git-daemon and git-poller can be started manually on the command line with the same commands as in /root/startup.sh, but git-ultrasphinx fails:

    # /etc/init.d/git-ultrasphinx start
    rake aborted!
    You have already activated rake 0.9.2, but your Gemfile requires rake 0.8.7. Consider using bundle exec.

    (See full trace by running task with --trace)

  5. [...] Ridiculously long set of instructions on how to get Gitorious running on CentOS 5.6 64-bit. The vast majority of these instructions are copied from http://famousphil.com/blog/2011/06/installing-gitorious-on-centos-5-6-x64/ [...]

  6. Famous Phil says:

    I had issues with those services not starting, which is why I had to use that startup script. Most of those issues are caused by the lack of available memory. Ultrasphinx is mostly for searching from what I remember, so that probably isn’t a vital service.

    If you want to save yourself the hassle, install indefero, I use that now and it’s simple to install and maintain :)

  7. dejan says:

    Thanks Phil, great article.
    I just want to confirm that I was able to follow this article step by step to install gitorious on RHEL6, with some minor changes.

  8. Nagaraj says:

    Thanks!
    I am facing problems in installing gitorious. I am unable to install ultrasphinx. When I try this “service stomp start” command it throws “Starting stompserver:Failure” message. Also the command “Starting poller:FAILURE” could not succeed. The path “PATH=/usr/local/sphinx/bin:$PATH” we are going to set for sphinx, but there is no dir. called sphinx. sphinx is not installed properly. Due to stomp server not running it shows “connect failed: Connection refused – connect(2) will retry in 5” when I try to create projects. On browser window it shows “Mysql::Error: Lock wait timeout exceeded;”

    How to install sphinx properly for gitorious?
    How to start the stomp server?

    steps to reproduce are: I followed the above given steps for installing gitorious. most of them worked, but could not start stomp server.

    I am using passenger+nginx and ree on fedora12.

    Please reply.

    Thanks
    –Nagaraj

  9. Mahlatse Makalancheche says:

    Thanks, took a while but eventually got there.

    Had to replace:

    LogFormat "%h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"" combined
    LogFormat "%h %l %u %t "%r" %>s %b" common

    with:
    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
    LogFormat "%h %l %u %t \"%r\" %>s %b" common

    Just escaping some of the stuff, for those that will get some error about LogFormat takes 1-2 arguments… from httpd

    Had to also change the security context
    by running:
    chcon --reference=/usr/sbin/httpd /opt/ruby/lib/ruby/gems/1.8/gems/passenger-3.0.8/ext/apache2/mod_passenger.so

    That’s about all the issues that I remember, the rest was made a pure breeze by Phil’s guide

  10. Famous Phil says:

    Sorry for the lag in reply. I believe your issues are related to an invalid MySQL installation. I know that if you use REMI’s MySQL on a 64 bit CentOS install, MySQL will not run. I’m not sure if there is a bug fix for that yet.

  11. Servere CS says:

    pluginuri CS…

    FamousPhil.com Admin Blog and More :: Installing Gitorious on CentOS 5.6 x64…

  12. Kevin Pelletier says:

    Hi,

    Thanks for the post, installation went great. I was wondering though if there’s any possibilities to install in with a postgresql server instead of mysql. I know it is possible, but you have to install gems and configure rails for it, which I’m not that much used to :(

    Thanks

  13. Famous Phil says:

    Perhaps try something like gem install postrgre-sql or something… I didn’t look it up, but I’d imagine that is how you install the gems. With something like Gitorious though, you have to use the databases that they support since sql server connectivity varies from server to server and typically different code is required for different types of servers. In addition, sometimes SQL varies from server to server (not so much basic SQL, but the more advanced SQL statements).

  14. Kenyatta says:

    I noticed I had to
    cp config/gitorious.sample.yml config/gitorious.yml
    before I ran
    bundle exec rake gems:install
    If I never did that I would get the following:
    [root@centvm64 gitorious]# bundle exec rake gems:install
    (in /home/git/gitorious)
    rake aborted!
    No such file or directory - /home/git/gitorious/config/gitorious.yml

    (See full trace by running task with --trace)

    just thought you may want to know.

  15. Famous Phil says:

    Thank you. I’m sure that by now, there are errors in the install process.

  16. Bill says:

    I cannot uninstall rake 0.9.2 and get anything to work. 0.8.7 is installed, but I get “Could not find rake-0.9.2 in any of the sources” when I run bundle exec rake db:setup. If I run bundle install then I get rake 0.9.2 back and then I get the error “rake aborted!
    undefined method `length’ for #

    Tasks: TOP => db:setup => db:schema:load => environment” from the same command.

    Any ideas?

  17. Bill says:

    Okay, got over that hump by ignoring the “Update 6/8/11: When getting to the gem install portions, you probably only need to run the bundle commands, skipping the gem commands all together” statement and actually executing each of the statements in succession.

    I ran the ‘bundle install’ command when instructed to do so, but now of course that’s presenting itself in another error …

    When trying to start the git-daemon I receive:

    Starting git-daemon: /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/gems/bundler-1.0.18/lib/bundler/source.rb:571:in `load_spec_files’: https://github.com/roman/rots.git (at master) is not checked out. Please run `bundle install` (Bundler::GitError)

    Running bundle install in the /home/git/gitorious directory results in a list of gems and “Your bundle is complete! Use `bundle show [gemname]` to see where a bundled gem is installed.”

    The output of ‘gem environment’ is:

    RubyGems Environment:
    – RUBYGEMS VERSION: 1.5.2
    – RUBY VERSION: 1.8.7 (2011-02-18 patchlevel 334) [x86_64-linux]
    – INSTALLATION DIRECTORY: /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8
    – RUBY EXECUTABLE: /opt/ruby-enterprise-1.8.7-2011.03/bin/ruby
    – EXECUTABLE DIRECTORY: /opt/ruby-enterprise-1.8.7-2011.03/bin
    – RUBYGEMS PLATFORMS:
    – ruby
    – x86_64-linux
    – GEM PATHS:
    – /opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8
    – /root/.gem/ruby/1.8
    – GEM CONFIGURATION:
    – :update_sources => true
    – :verbose => true
    – :benchmark => false
    – :backtrace => false
    – :bulk_threshold => 1000
    – REMOTE SOURCES:
    http://rubygems.org/

  18. Bill says:

    Made it another step … from /home/git/gitorious I had to run the following commands:

    bundle pack
    bundle install --path vender/cache

  19. Ryan Bagwell says:

    Thanks for that last suggestion. Got me over the latest hurdle. Man, has it been a process to get this thing up and running.

  20. Thomas says:

    Today I installed Gitorious on CentOS6 and had several startup failures. I made the following changes and startup completes without the errors and all services started:

    I removed startup.sh from the crontab list and called it in rc.local. The stompserver started up fine, so I removed it from startup.sh. Because they are in the startup.sh script I removed the symlinks to git-daemon and git-poller from rc3.d directory.

  21. Kevin Pelletier says:

    Hi again,

    I’m currently in the process to test the new LDAP feature with gitorious. So, I’ve decided to reinstall a new one, but I’m actually faced with a problem I never had before. The installation process is almost done, but, I had some troubles configuring ultrasphinx. When I run this command, here’s the output :
    [root@gitorious-ldap gitorious]# bundle exec rake ultrasphinx:index RAILS_ENV=production
    (in /home/git/gitorious)
    $ indexer --config '/home/git/gitorious/config/ultrasphinx/production.conf' --all
    sh: indexer: command not found
    [root@gitorious-ldap gitorious]#

    I really can’t figure out why it says that the indexer command ain’t found…Is it a package or gem I didn’t install?

  22. Famous Phil says:

    It looks like your paths aren’t set up correctly…. try finding the indexer executable on your system. You may need to do /usr/bin/indexer (full path) to run it or some gem / package isn’t installed. I see that it is using the sh shell, so editing your /etc/bashrc file might also help add that path to the default path so that sh / bundle can find the indexer executable.

  23. Kevin Pelletier says:

    I see, actually, indexer isn’t installed on the system, that’s why I asked if it was part of a gem / package to install and since it wasn’t in yum’s repo, I guessed it was a gem. Is it?

  24. Famous Phil says:

    Indexer is a gem, but it acts more like a system executable from what I recall. Also, never rely on yum because the Redhat repositories aren’t as comprehensive as they could be (compared to FreeBSD ports or Debian repositories), I tend to look at RPMs from online sources when I’m in doubt. I have seen paths fail with gem before, so it’s very possible that indexer was installed, just not added to a system PATH.

  25. marc says:

    First just comment that who ever has done the tutorial did a very good job.
    Second, I would like to add some information about some problems that came across during the installation/set up process and how I solve them.

    - All the installation process has been done under CentOS 6 x86_64 – so some points are specific for this OS/architecture !!

    * Installation el6 rpmforge packages instead of using the “el5” ones described in the guide. Steps:

    1. Download the rpmforge-release package. Choose one of the two links below, selecting to match your host’s architecture. If you are unsure of which one to use you can check your architecture with the command uname -i

    – i686: > wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.i686.rpm
    – x86_64: > wget http://packages.sw.be/rpmforge-release/rpmforge-release-0.5.2-2.el6.rf.x86_64.rpm

    2. Install DAG’s GPG key

    > rpm --import http://apt.sw.be/RPM-GPG-KEY.dag.txt

    3. If you get an error message like the following the key has already been imported:

    error: http://apt.sw.be/RPM-GPG-KEY.dag.txt: key 1 import failed.

    4. Verify the package you have downloaded

    > rpm -K rpmforge-release-0.5.2-2.el6.rf.*.rpm

    5. Install the package

    > rpm -i rpmforge-release-0.5.2-2.el6.rf.*.rpm

    * Download ImageMagick manually because the wget link was broken. Link: https://launchpad.net/imagemagick/main/6.7.0-2

    * Install extra libraries if Nokogiri gem installation fails:

    > sudo yum install -y gcc ruby-devel libxml2 libxml2-devel libxslt libxslt-devel

    * > bundle exec rake gems:install -> No such file or directory – /home/git/gitorious/config/gitorious.yml

    > cd /home/git/gitorious/config
    > cp gitorious.sample.yml gitorious.yml

    * Problems running “bundle exec rake gems:install” command:

    a) If Password = No error -> config/database.yml // set password with the one created for Mysql
    b) Create Gitorious DB:

    > mysql -uroot -p''
    > create database gitorious;
    create database gitorious_test;
    create database gitorious_dev;
    CREATE user 'git'@'localhost' IDENTIFIED BY '';
    GRANT ALL ON gitorious.* TO 'git'@'localhost';
    GRANT ALL ON gitorious_test.* TO 'git'@'localhost';
    GRANT ALL ON gitorious_dev.* TO 'git'@'localhost';
    FLUSH privileges;
    > exit;

    * Starting stompserver:Failure

    > gem install stompserver (from /home/git/gitorious dir)

    * Problems starting httpd service. Modify the apache config file (httpd.conf):

    > Comment the LoadModule’s that gives error
    > Search for the “mod_passenger.so” library and change the path of it to the right one in the
    a) LoadModule passenger_module
    b) PassengerRoot

    * Install aspell-0.60 if is missing:

    > yum install aspell

    Hope that will help someone in the future!

  26. Famous Phil says:

    Thank you! I’m planning on redoing the installation in another month or two and re-writing this post.

  27. Jay says:

    Thanks for the write up. I went through the instructions and now I’m trying to log in with the admin user I created with “script/create_admin” and fails with this message in production.log

    ActionController::InvalidAuthenticityToken (ActionController::InvalidAuthenticityToken):
    vendor/rails/actionpack/lib/action_controller/request_forgery_protection.rb:79:in `verify_authenticity_token’

    This is what I see on the page after login fails:

    Sorry, something went wrong

    Gitorious encountered an server error. We are automatically notified of errors and will look into it. If the error persists beyond what’s reasonable

    I deleted the user and tried again to see if I was putting in the wrong password but it still failed to log the admin user in. Any ideas?

    Thanks in advance.

    Jay

  28. Jay says:

    Problem solved. Looks like I forgot to set the gitorious_client_host and gitorious_host in the gitorious.yml file. After doing this and restarting the service, I was able to login.

  29. Chaoran Xie says:

    Hi Famous Phil, it is great to know that you are trying to keep this guide up to date. Thank you for that, is it possible to have a guide for centos 6 as well?

  30. Famous Phil says:

    I will eventually, it’s on my todo list. Hopefully around April, I’ll have 6 hours to create a new guide.

  31. Famous Phil says:

    Glad you solved the issue. :)

  32. sbinev says:

    Hey Jay, I was getting the same error (ActionController::InvalidAuthenticityToken) and I see that yours went away by setting gitorious_client_host and gitorious_host in the config file. Mine are already set to the host name for all three (development,test,production) and I’m still getting the same error.

    Is anyone else seeing this?

  33. Famous Phil says:

    I’ve been meaning to update this for a while, but I’m sure that most of what I did has changed significantly.

  34. linux cp omitting directory…

    [...]FamousPhil.com Admin Blog and More :: Installing Gitorious on CentOS 5.6 x64[...]…

  35. Federico says:

    Hi all,

    someone did setup to gitorious with authentication ldap?
    http://gitorious.org/gitorious/pages/LdapIntegration

    I’m new to this and following these steps I could make my test successfully with ldap login:

    #Bundle exec script/test_ldap_connection USER PASSWORD
    All good, your credentials are correct

    But I can not log into the website …..

    I need more settings to log into the website using the credentials of ldap?

  36. Ben says:

    I’ve got all the steps down, but the website just shows the default apache welcome page… where is a log file I can check that would tell me what is wrong?

  37. Mark says:

    Hi All,

    I have got to the following

    cd /home/git/gitorious
    bundle install
    bundle exec rake gems:install

    but get the error..

    bundle install
    Fetching gem metadata from http://rubygems.org/……
    Fetching https://github.com/roman/rots.git
    error: SSL certificate problem, verify that the CA cert is OK. Details:
    error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed while accessing https://github.com/roman/rots.git/info/refs
    fatal: HTTP request failed
    Git error: command `git clone 'https://github.com/roman/rots.git' "/opt/ruby-enterprise-1.8.7-2011.03/lib/ruby/gems/1.8/cache/bundler/git/rots-89de66268344e64f1e3b64de0635f51e857c6bdb" --bare --no-hardlinks` in directory /home/git/gitorious has failed.

    Any ideas appreciated. Permissions…? Hopefully missed something obvious.

    Thanks in advance

  38. Junior Alvin says:

    Errno::ETIMEDOUT (Connection timed out – connect(2)):

  39. [...] I followed the instructions here to set up Gitorious (uses Apache), and it seems to have caused a problem with how Apache is [...]

  40. Matus says:

    Thanks for the guide.

    I found out that the problem with starting git-daemon and git-poller on startup is because mysql is not started yet. So a simple change in order (git-poller and git-daemon after mysqld) solved it.

  41. Brad says:

    Great article. Thanks for the help on this.

  42. Jamie says:

    Can I have the steps for Installing Gitorious on CentOS 6 ? I tried community cookbooks ran into lots of issues

  43. Famous Phil says:

    Hi Jamie,

    I’m sorry, but it has been so long since I’ve done an install for Gitorious that I cannot help you. I remember that it was a pain to get running, good luck in getting it going!
