发表 admin at 2025年2月28日

类别

未分类

标签

如何在 CentOS 7 上安装 OTRS（OpenSource Trouble Ticket System）

在此页

环境
准备
在 Centos 7 上安装 MariaDB
安装 EPEL
安装 OTRS
在 CentOS 7 上配置 OTRS

OTRS（开源故障单系统软件）是一种复杂的开源软件，公司使用它来改善与客户支持、服务台、呼叫中心等相关的运营。 OTRS 是用 PERL 编写的，并提供以下重要功能：

客户可以通过客户门户网站以及通过电子邮件、电话和传真向每个队列（服务员/技术员邮箱）注册并创建票证/与之互动。
工单可以按其优先级、分配、传输和跟进进行管理。可以拆分、合并工单，可以应用批量操作，还可以设置相互链接和通知。可以通过服务目录配置服务。
要增加团队容量，可以配置自动电子邮件（自动回复）、文本模板和签名。系统支持工单上的注释和附件。
其他功能包括：统计和报告 (CSV/PDF)、SLA 和许多其他功能。

环境

本文涵盖 OTRS 5 安装和基本配置。本文基于以下环境编写：带有 CENTOS 7 Minimal、2GB RAM、8GB HD 和 2 个网络接口（仅限主机和 NAT）的 Virtual Box VM。

准备

假设您使用全新安装的 Centos 7 Minimal，在安装 OTRS 之前，请运行以下命令来更新系统并安装其他软件包：

yum update

Transaction Summary ================================================================================ Install 1 Package Upgrade 39 Packages Total download size: 91 M Is this ok [y/d/N]: y

安装文本编辑器或使用 VI。在本文中我们使用 VIM，运行以下命令进行安装：

yum install vim

要安装 WGET 包，请运行以下命令：

yum install wget

要配置 Centos 7 网络，请运行以下命令打开 NMTUI（网络管理器文本用户界面）工具并根据需要编辑接口和主机名：

nmtui

在 CentOS 7 上设置网络设置和主机名后，运行以下命令以应用更改：

service networks restart

要验证网络信息，请运行以下命令：

ip addr

在我的系统上输出如下所示：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:67:bc:73 brd ff:ff:ff:ff:ff:ff
    inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic enp0s3
       valid_lft 84631sec preferred_lft 84631sec
    inet6 fe80::9e25:c982:1091:90eb/64 scope link 
       valid_lft forever preferred_lft forever
3: enp0s8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 08:00:27:68:88:f3 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.101/24 brd 192.168.56.255 scope global dynamic enp0s8
       valid_lft 1044sec preferred_lft 1044sec
    inet6 fe80::a00:27ff:fe68:88f3/64 scope link 
       valid_lft forever preferred_lft forever

在 Centos 7 上禁用 SELINUX（安全增强型 Linux），编辑以下配置文件：

vim /etc/selinux/config

"/etc/selinux/config" 14L, 547C# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=enforcing
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are prootected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

将指令 SELINUX 的值 enforcing 更改为禁用，保存文件并重新启动服务器。

要检查 Centos 7 上 SELinux 的状态，请运行以下命令：

getenforce

输出必须是：

Disabled

在 Centos 7 上安装 MariaDB

要在 Centos 7 上安装 MariaDB，请运行以下命令：

yum -y install mariadb-server

在以下目录中创建名为 zotrs.cnf 的文件：

/etc/my.cnf.d/

要创建和编辑文件，请运行以下命令：

vim /etc/my.cnf.d/zotrs.cnf

用以下内容填充文件并保存：

max_allowed_packet = 20M
query_cache_size = 32M
innodb_log_file_size = 256M

要启动 MariaDB，请运行以下命令：

systemctl start mariadb

要提高 MariaDB 的安全性，请运行以下命令：

/usr/bin/mysql_secure_installation

根据以下输出设置选项：

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):<Press Enter>

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] <Press Y>

设置根密码：

New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] <Press Y>

 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] <Choose acording your needs>

 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] <Press Y>

 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] <Press Y>

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

将 MariaDB 设置为在启动时自动启动：

systemctl enable mariadb.service

要下载 OTRS，请运行以下命令：

wget http://ftp.otrs.org/pub/otrs/RPMS/rhel/7/otrs-5.0.15-01.n oarch.rpm

安装 EPEL

在我们安装 OTRS 之前，在 Centos 7 上设置 EPEL 存储库。运行以下命令来执行此操作：

[ ~]# yum -y http://mirror.globo.com/epel/7/x86_64/e/epel-r release-7-9.noarch.rpm

安装 OTRS

使用以下命令安装 OTRS：

yum install -nogpgcheck otrs-5.0.15-01.noarch.rpm

将安装软件包列表，例如。 Apache 和所有依赖项将自动解析，在输出结束时按 Y：

Transaction Summary
================================================================================
Install  1 Package (+143 Dependent packages)

Total size: 148 M
Total download size: 23 M
Installed size: 181 M
Is this ok [y/d/N]: y

要启动 Apache (httpd)，请运行以下命令：

systemctl start httpd.service

要在 Centos7 上使用 systemd 启用 Apache (httpd) 启动，请运行以下命令：

systemctl enable httpd.service

在 Apache 中启用 SSL 并配置自签名证书。为 Apache HTTP 服务器安装 Mod_SSL 模块，运行以下命令：

yum -y install mod_ssl

要生成自签名 SSL 证书，请转到以下目录：

cd /etc/pki/tls/certs/

并运行以下命令生成密钥（centos7.key是我的证书名称，随意更改）：

make centos7.key

umask 77 ; \ /usr/bin/openssl genrsa -aes128 2048 > centos7.key Generating RSA private key, 2048 bit long modulus .+++ .........................................................................................+++ e is 65537 (0x10001) Enter pass phrase: <Insert your Own Password>

Verifying - Enter pass phrase:<Retype the Password>

要使用 OpenSSL 生成服务器 SSL 私钥，请运行以下命令：

openssl rsa -in centos7.key -out centos7.key

Enter pass phrase for centos7.key: <Type the Password> writing RSA key

运行以下命令创建 CSR（证书签名请求）文件（centos7.csr 是我的证书名称，请随意更改）：

make centos7.csr

根据您的需要填写问题：

umask 77 ; \ /usr/bin/openssl req -utf8 -new -key centos7.key -out centos7.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. -----

Country Name (2 letter code) [XX]:

State or Province Name (full name) []:

Locality Name (eg, city) [Default City]:

Organization Name (eg, company) [Default Company Ltd]:

Organizational Unit Name (eg, section) []:

Centos7 Common Name (eg, your name or your server's hostname) []:

Email Address []:

Please enter the following 'extra' attributes to be sent with your certificate request A challenge password []: <press enter>

An optional company name []:

使用 OpenSSL 工具为服务器生成 CSR（证书签名请求）：

openssl x509 -in centos7.csr -out centos7.crt -req -signkey centos7.key

输出是：

Signature ok subject=/C=BR/ST=SP/L=Campinas/O=Centos7/OU=Centos7/CN=centos7.local Getting Private key

在我们编辑 ssl.conf 文件之前，使用以下命令制作该文件的副本：

cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.old

然后编辑文件：

vim /etc/httpd/conf.d/ssl.conf

找到以下指令，取消注释每个指令并像这样编辑它们：

SSLCertificateKeyFile /etc/pki/tls/certs/centos7.key

SSLCertificateFile /etc/pki/tls/certs/centos7.csr

SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

ServerName centos7.local:443

使用以下命令重新启动 Apache：

systemctl restart httpd

要强制 OTRS 在 https 模式下运行，请编辑以下文件：

vim /etc/httpd/conf/httpd.conf

在文件末尾，取消注释以下指令：

IncludeOptional conf.d/*.conf

编辑文件 zzz_otrs.conf：

vim /etc/httpd/conf.d/zzz_otrs.conf

在第 26 行之后（在模块 mod_version.c 之前）添加以下指令：

RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

重启阿帕奇：

[ ~]# systemctl restart httpd

要在 OTRS 中使用扩展功能，我们必须安装一些 PERL 模块。运行以下命令来安装它们：

yum -y install "perl(Text::CSV_XS)" "perl(Crypt::Eksblowfish::Bcrypt)" "perl(YAML::XS)" "perl(JSON::XS)" "perl(Encode::HanExtra)" "perl(Mail::IMAPClient)" "perl(ModPerl::Util)"

OTRS 系统有一个工具来检查 PERL 模块，像这样运行它来验证系统要求：

cd /opt/otrs/bin

并运行：

./otrs.CheckModules.pl

我们配置的输出必须是：

o Apache::DBI......................ok (v1.12) o Apache2::Reload..................ok (v0.13) o Archive::Tar.....................ok (v1.92) o Archive::Zip.....................ok (v1.30) o Crypt::Eksblowfish::Bcrypt.......ok (v0.009) o Crypt::SSLeay....................ok (v0.64) o Date::Format.....................ok (v2.24) o DBI..............................ok (v1.627) o DBD::mysql.......................ok (v4.023) o DBD::ODBC........................Not installed! (optional - Required to connect to a MS-SQL database.) o DBD::Oracle......................Not installed! (optional - Required to connect to a Oracle database.) o DBD::Pg..........................Not installed! Use: 'yum install "perl(DBD::Pg)"' (optional - Required to connect to a PostgreSQL database.) o Digest::SHA......................ok (v5.85) o Encode::HanExtra.................ok (v0.23) o IO::Socket::SSL..................ok (v1.94) o JSON::XS.........................ok (v3.01) o List::Util::XS...................ok (v1.27) o LWP::UserAgent...................ok (v6.13) o Mail::IMAPClient.................ok (v3.37) o IO::Socket::SSL................ok (v1.94) o ModPerl::Util....................ok (v2.000010) o Net::DNS.........................ok (v0.72) o Net::LDAP........................ok (v0.56) o Template.........................ok (v2.24) o Template::Stash::XS..............ok (undef) o Text::CSV_XS.....................ok (v1.00) o Time::HiRes......................ok (v1.9725) o Time::Piece......................ok (v1.20_01) o XML::LibXML......................ok (v2.0018) o XML::LibXSLT.....................ok (v1.80) o XML::Parser......................ok (v2.41) o YAML::XS.........................ok (v0.54)

要使用“otrs”用户启动 OTRS 守护程序，请运行以下命令：

su -c "/opt/otrs/bin/otrs.Daemon.pl start" -s /bin/bash otrs

要禁用 CentOS 7 防火墙，请运行以下命令：

systemctl stop firewalld

要禁止 CentOS 7 防火墙自动启动，请运行：

systemctl disable firewalld.service

使用以下命令启动 OTRS 守护进程：

su -c "/opt/otrs/bin/otrs.Daemon.pl start" -s /bin/bash otrsCron.sh

命令的输出必须是：

/opt/otrs/bin Cron.sh - start/stop OTRS cronjobs Copyright (C) 2001-2012 OTRS AG, http://otrs.org/ (using /opt/otrs) done

如果要检查 OTRS 守护进程状态，请运行以下命令：

su -c "/opt/otrs/bin/otrs.Daemon.pl status" -s /bin/bash otrsCron.sh

在 crontab 中配置 OTRS。将用户 root 更改为 otrs 并开始编辑 crontab：

su otrs

crontab -e

使用以下内容填充 crontab 并保存：

# --
# Copyright (C) 2001-2016 OTRS AG, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --

# Who gets the cron emails?
MAILTO=""
# --
# Copyright (C) 2001-2016 OTRS AG, http://otrs.com/
# --
# This software comes with ABSOLUTELY NO WARRANTY. For details, see
# the enclosed file COPYING for license information (AGPL). If you
# did not receive this file, see http://www.gnu.org/licenses/agpl.txt.
# --

# check OTRS daemon status
*/5 * * * *    $HOME/bin/otrs.Daemon.pl start >> /dev/null