If SELinux is active on the server that runs your TeamForge site, configure it to allow the services that
TeamForge requires.
Pre-requisites to set up the SELinux environment:
- TeamForge SELinux can be configured
only for the TeamForge Application
Server.
- In case of same hardware upgrade using RHEL/CentOS, it is recommended to upgrade
the OS to RHEL/CentOS 7.3 or later
versions.
Attention: Installing or upgrading
TeamForge
needs root privileges. You must log on as root or use a root shell to install or upgrade
TeamForge.
-
Verify SELinux mode using "getenforce" command. Do this if you have SELinux running in
"disabled" mode:
-
Stop TeamForge.
Note: Stop TeamForge on all the servers in a distributed setup.
- /opt/collabnet/teamforge/bin/teamforge
stop
-
Edit the file /etc/sysconfig/selinux and set
SELINUX=enforcing.
-
Turn off TeamForge startup on
boot.
-
Reboot the server and verify if SELInux is set to "enforcing"
mode.
-
Run the grep command to get the value of
rb_dir
and
rb_data_dir.
- grep rb_dir
/etc/reviewboard.properties
- grep rb_data_dir
/etc/reviewboard.properties
-
Run the following commands if Review Board is integrated with TeamForge.
- semanage fcontext -a -t
httpd_sys_rw_content_t
"<rb_data_dir>(/.*)?"
- restorecon -R -v
<rb_data_dir>
- semanage fcontext -a -t
httpd_sys_rw_content_t
"<rb_dir>(/.*)?"
- restorecon -R -v
<rb_dir>
- semanage fcontext -a -t
httpd_sys_rw_content_t
"/opt/collabnet/teamforge/var/home/apache(/.*)?"
- restorecon -R -v
/opt/collabnet/teamforge/var/home/apache
-
Before deploying services, remove pdk-root and
pdk-sf-admin directories.
- rm -rf /tmp/pdk-root
- rm -rf /tmp/pdk-sf-admin
-
Turn on TeamForge startup on boot.
-
Run the following command to switch SELinux to 'permissive' mode.
-
Deploy services.
- /opt/collabnet/teamforge/bin/teamforge
provision
The "provision" command prompts for response before it bootstraps or migrates
data during TeamForge installation and upgrade respectively. Enter "Yes" or
"No" to proceed. For more information, see The teamforge script.
-
Start TeamForge.
- /opt/collabnet/teamforge/bin/teamforge
start
-
Run the TeamForge post installation script.
- /opt/collabnet/teamforge/runtime/scripts/post-install.py
-
Run the following command to switch SELinux to 'enforcing' mode.
-
Fix the SELinux data permissions.
- cd /opt/collabnet/teamforge/runtime/scripts/
- ./fix_data_selinux_permissions.sh
Note: If your data directory is on a NetApp volume, you may observe some
warning messages which can be ignored safely.
-
Verify SELinux mode using "getenforce" command. Do this if you have SELinux running in
"permissive" mode:
-
Set SELinux to run in "enforcing" mode again.
-
Run the grep command to
get the value of httpd_user and httpd_group.
- grep rb_dir
/etc/reviewboard.properties
- grep rb_data_dir
/etc/reviewboard.properties
-
Run the following commands if Review Board is integrated with TeamForge.
- semanage fcontext -a -t
httpd_sys_rw_content_t
"<rb_data_dir>(/.*)?"
- restorecon -R -v
<rb_data_dir>
- semanage fcontext -a -t
httpd_sys_rw_content_t
"<rb_dir>(/.*)?"
- restorecon -R -v
<rb_dir>
- semanage fcontext -a -t
httpd_sys_rw_content_t
"/opt/collabnet/teamforge/var/home/apache(/.*)?"
- restorecon -R -v
/opt/collabnet/teamforge/var/home/apache
-
Restart TeamForge.
- /opt/collabnet/teamforge/bin/teamforge
restart
-
Fix the SELinux data permissions if and only if your site has been
upgraded to TeamForge 17.1. Skip
this step otherwise for fresh installation of TeamForge 17.1.
- cd /opt/collabnet/teamforge/runtime/scripts/
- ./fix_data_selinux_permissions.sh