Monday, January 25, 2010

Redmine: Email Configuration of Bitnami Appliance

If you need to configure Redmine so that it will send email notifications to users when they update issues or projects, this configuration information might be helpful. I’m using Redmine 0.8.7 as a Bitnami appliance running under OpenSuse 11.1.

The email configuration is located in this directory: /opt/bitnami/apps/redmine/config . What I recommend is that you copy the example configuration file from email.yml.example to email.yml, and edit the email.yml configuration file with vi. I didn’t see any of the more user-friendly editors like pico or nano pre-installed on the appliance, so you can install them, or just use vi… it really isn’t that difficult to use. If you need a good tutorial you can check out Wikipedia's vi info. In any event, edit the file using vi… “vi email.yml”. Press “a” to enter edit mode and make the changes below, then press colon “:”, and type “x!” and hit enter to write and exit. If you made a mistake, and want to abandon your changes, type “q!” and hit enter to quit. After you’re finished, just restart the Redmine services (or the server).

Also, make sure that your SMTP server is set up to either allow relay from the IP of your Redmine server, or make other arrangements for SMTP delivery.

    production:
      delivery_method: :smtp
      smtp_settings:
        address: SMTPServerIP
        port: 25
        domain: yourdomainname.com
        authentication: :login
        user_name: ServiceAccountRedmine01
        password: SavedPassword

Saturday, January 23, 2010

Redmine LDAP Integration - Active Directory Configuration

After you have Redmine installed and configured to the point where you can log in - go ahead and do so. Browse to Administration>Settings>Authentication tab>LDAP Configuration (in the bottom right).

Before you go and start changing things here, there are a few things you should keep in mind that will save you some time. Realize that you can't do an anonymous bind to Active Directory. So, you need to actually specify a valid set of credentials for the service account. Now, I suppose they could have done something different here to reduce the configuration work... like relying on user login credentials and passing them to query AD. But in any event, a normal domain user account should do just fine - anything that can query Active Directory. Why a domain account? Think about it another way... if someone plugged their laptop into your network, would they be able to query AD for user or computer objects? No... they wouldn't, because they'd be anonymous. Even if they knew your domain name, had a domain controller's IP address, the distinguished name, etc... no luck. So create a service account. Just FYI, my domain was at 2003 domain functional level.

As far as the Base DN - keep it simple... base DN means base. You probably don't want CN=users, or CN=MyBusiness, or anything like that. In my case, I specified DC=domain,DC=local. As for the attributes, they all come right out of Active Directory... there's a bunch of places you could find these if you wanted to spend the time to find them. Or, there's a bunch of sites that already have this stuff listed (see below for my config).

When you're specifying the attributes, keep in mind that you don't want any extra spaces (blank spaces) after the attributes. For instance, it should be 'SAMAccountName' (no quotes), NOT 'SAMAccountName '. If you add a space, it breaks. If you don't have those "optional" attributes, it breaks. Also - just FYI... if you're under Authentication, and trying to run a "Test" of authentication, and it says successful - that doesn't mean it's actually working. You need to test Active Directory account logins from back on the main menu.

If you want to use on-the-fly account creation... you'll need to make sure all of your Attributes are set correctly and that within Active Directory the attribute fields actually contain data for your users. This is very important. For example, if you have a user trying to login, but their account has "First Name", and/or "Last Name", and/or "E-mail" address fields blank (like if you have a "test" user account) - automatic user account creation in Redmine will fail. On top of that - it's not very verbose about why it failed. So that might be something to file away in the back of your mind, so that when you find one account (or a group of accounts) somewhere that won't login - you can make sure to check that they have all of the Active Directory attributes specified (just open up Active Directory Users and Computers and check-out the user object that is having a problem).

My Settings:

  • Name: YourDomainOrWhateverYouWant
  • Host: IP address of a Domain Controller (name is probably best)
  • Port: 389
  • Account: Domain\ServiceAccountRedmine01
  • Password: SavedPassword
  • Base DN: DC=domain,DC=local
  • Login: SAMAccountName
  • First Name: givenName
  • Last Name: SN
  • Email: mail
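
The attribute checks described above, as an added example that is not part of the original post: a shell function that reads an LDIF export of user objects and lists the accounts missing givenName, sn or mail (the ones on-the-fly creation would reject), plus a check for stray spaces in a configured attribute name. The function names and the sample entries are made up for the illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Reads LDIF (e.g. the output of an LDAP search for user objects run with the
# service account) and lists accounts lacking an attribute that Redmine maps.
REQUIRED="givenName sn mail"

missing_attrs() {   # LDIF on stdin -> "login: missing attributes" per account
  awk -v required="$REQUIRED" '
    function flush(   i, miss) {
      if (login != "") {
        for (i = 1; i <= n; i++)
          if (!(tolower(req[i]) in seen)) miss = miss " " req[i]
        if (miss != "") print login ":" miss
      }
      login = ""; split("", seen)       # reset state for the next entry
    }
    BEGIN { n = split(required, req, " ") }
    /^#/        { next }                # LDIF comment
    /^[ \t]*$/  { flush(); next }       # blank line ends an entry
    /^ /        { next }                # continuation of a long value
    {
      p = index($0, ":"); if (p == 0) next
      name = tolower(substr($0, 1, p - 1))
      val = substr($0, p + 1); sub(/^:?[ \t]*/, "", val)   # "::" = base64
      if (val == "") next               # present but empty counts as missing
      seen[name] = 1
      if (name == "samaccountname") login = val
    }
    END { flush() }
  '
}

attr_name_ok() {    # rejects names with spaces or other stray characters
  case "$1" in
    ""|*[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

# Constructed sample data, not real accounts.
SAMPLE_LDIF='# constructed sample
dn: CN=Alice Example,CN=Users,DC=domain,DC=local
sAMAccountName: alice
givenName: Alice
sn: Example
mail: alice@domain.local

dn: CN=Test,CN=Users,DC=domain,DC=local
sAMAccountName: test
givenName: Test

dn: CN=Bob Example,CN=Users,DC=domain,DC=local
sAMAccountName: bob
givenName: Bob
sn: Example
'

printf '%s\n' "$SAMPLE_LDIF" | missing_attrs
for a in 'sAMAccountName' 'sAMAccountName '; do
  attr_name_ok "$a" && echo "ok:  [$a]" || echo "bad: [$a]"
done
```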

Wednesday, January 20, 2010

Redmine BitNami Appliance Intro

I’ve been checking out Project Management platforms lately, and came across Redmine. It’s an open-source project management and issue tracking tool (e.g. bug tracking, feature request, etc.) using a Ruby on Rails framework, with support for multiple databases (MySQL, PostgreSQL, or SQLite). The core features like Project Management and Issue tracking look pretty good, and it includes some nice details like Atom feeds, e-mail notifications, a per-project wiki, basic time tracking, and LDAP support. According to Wikipedia, Redmine is heavily influenced by Trac – which appears to have been around a bit longer, and is fairly mature... probably worth checking out as well (plus it’s written in Python).

In any event, if you’re coming at this from a Microsoft-centric perspective, you can think of Redmine as being “Sharepoint-like”, although by no means is it a Sharepoint-replacement. In working with Redmine a bit, one thing immediately apparent is that Redmine makes sense… the web-based interface is uncluttered, and it’s easy to navigate and wrap your head around. After digging in, you’ll find that there are components to the tool that are obviously still immature, but as far as the core functionality goes – it’s there.

The other thing that’s kind of interesting is that I’m running the Redmine stack using a Bitnami appliance on my ESX cluster. The Redmine virtual machine is running OpenSuse 11.1. So far, the Bitnami-appliance experience has been good, and if you haven’t checked out any of their stacks, they're worth investigating. The appliances are fairly light with the excesses trimmed out (no GUI, etc.). Since getting this machine built-out, I saw that Turnkey Linux also has an Ubuntu-based appliance with the Redmine stack. While I’ve worked with OpenSuse and Ubuntu, my more recent experience has been Debian-centric so Ubuntu is probably the more natural fit. I’ll follow up with some How-To posts based on my notes and work so far soon.

Tuesday, December 08, 2009

AD-COIT Configuration Video

I've taken the questions and feedback that I've received on AD-COIT and put together this short video which shows how to download, install, and configure it.

To create the video, I actually set up a small network on an ESX box using an isolated vSwitch to connect a domain controller and some virtual machines. The entire setup process shown in the video actually occurs from the domain controller, and demonstrates how to download AD-COIT, edit the LDAP path to reflect your environment (minute 1:12), how to run the script (minute 2:05), and then how to modify the script to echo the results to a text file (minute 3:12).

Let me know what you think!

Sunday, August 09, 2009

VMware: Defrag Tips

Here are a few defrag tips when working with VMware ESX/ESXi.

  1. Use your guest OS defragmentation tools to defrag VMs.
  2. Always defrag your VM before you create a template.
  3. Do not defragment a drive while a VM has snapshotting enabled (your VM will grow in size, and slow stuff down).
  4. Defragment before you take a snapshot
  5. VMFS filesystems do not need to be defragged, because their block-size is large and VMDK's are pre-allocated.

Saturday, August 08, 2009

VMware: Sound Support for remote desktop client and/or thinclients?

VMware ESX/ESXi does not have a virtual sound card device emulated. So there's no direct support for sound within VM's running on ESX/ESXi hosts. However, sound can be played on the remote desktop client if you've set your client to redirect and play locally (assuming your thinclient/remote desktop session supports sound). Keep in mind that if you have a Terminal Server, you need to enable the "Allow Audio Redirection" within the group policy for that machine.

Group Policy>Local Computer Policy>Computer Configuration>Administrative templates>Windows Components>Terminal Services>Client/Server data redirection>Allow Audio Redirection.

Friday, August 07, 2009

How-To: FreeNAS SAN on ESXi

Just a quick how-to, as a follow-up to my last post.

  1. Add Disks (Disks>Mgmt), add 2 (RAID1), or add 3+(RAID5).
  2. Format the disks you just created (Disks>Format, Choose the 1st disk, set the FileSystem to SoftwareRAID, click Format, Disks>Format, Choose the 2nd disk, set the FileSystem to SoftwareRAID, click Format).
  3. Create RAID Level (Disks>Software RAID> RAID1, Select both disks created in step)
  4. Format the RAID as an EXT2 file system (if you don't do this, you're going to get an error when you create the mount point. VMware ESXi will want the EXT2 filesystem... but you can then format it after it's been mounted to whatever you want. This includes if you're just adding storage capacity to a Windows system and using the initiator to mount this as a mount point. It's easiest to format the RAID EXT2 initially, and then do whatever you want later).
  5. Create a mount point (Disks>Mount Point, MBR1 type, and record your mount point... e.g. /dev/mirror/Raids1).
  6. Unmount RAID if need be (Disks>Mount Point>Mgmt Tools>Tools tab, unmount).
  7. Add the iSCSI target (Services>iSCSI>Add New Extent, Skip the Device, Add New Target)
  8. Now you can mount this target on a Windows Server (Download and Install Microsoft iSCSI Initiator, Discovery Tab, add the IP address of the FreeNAS server... Computer, Manage, Delete the new partition that is now visible, and create a new NTFS partition, and Quick format it).

Wednesday, May 20, 2009

Using FreeNAS as a SAN for an ESXi demo

I recently had to do a virtualization demo for a client. The need was to show a particular application stack running under ESXi, using storage mounted from a SAN. This all needed to be portable, inexpensive, and completed quickly. The requirements limited me to stuff I could find quickly, and that would work. As such, I really only considered FreeNAS, OpenFiler, and Windows Storage Server since they were all readily available.

I ended up using FreeNAS, and was actually quite impressed. FreeNAS runs the FreeBSD distribution, and interestingly, like pfSense (another favorite of mine), it too is based on Monowall. What worked really well for me was that FreeNAS is downloadable as an ESX virtual machine - which meant I could just download it and run it as a VM inside an existing ESXi host. After getting it fired-up on "serverA", I stepped through the base configuration, got some storage carved out and exposed via iSCSI, and then just mounted it up inside a different ESXi machine (serverB). After doing so, I was able to copy my pre-configured VM's to the newly created datastore. I fired up my VM sessions on "serverA", they used the FreeNAS storage provided from serverB, and I had my portable demo environment. I'll follow up with the steps I used to set up and expose the storage.

Thursday, May 14, 2009

What's new?

I realize that I've been short on posts lately. Actually, the entire first half of the year has been pretty light on content. Well, the good news is that I've been consumed by the volume of work we've had - business is good despite this economy. Going forward, I'll certainly make an effort to post more, but I have to make hay while the sun shines, and my primary commitment is work that generates revenue.

While I'm on the topic of good news, let me share some of what's been going on. The past quarter was the best on record. Growth in my segment was 49% relative to the same quarter last year, margins and utilization remain consistently high, and we're capturing more work than ever. What else? Well, you probably wouldn't know from looking at my recent posts, but I'm neck-deep in virtualization. Every major project that we've executed in the past 8 months has been virtualization-centric. For the niche that we serve, our edge in virtualization is one of the biggest reasons we're winning work. The competition has almost zero virtualization expertise, and we're just plain beating them... be it on price, features, or experience... we're winning.

All that being said, we're rapidly exceeding our bandwidth - be it staffing, storage, VM capacity... it's growth across the board. These are all good problems to have. So what's up next? More growth. Continued hiring. And upgrades to internal infrastructure. 2009 is shaping up to be an interesting and exciting year for us.

Thursday, March 12, 2009

Mounting a remote SSH file system in Ubuntu... for Windows Admins

If you're somewhat new to Ubuntu or Linux you might be looking for a way to mount something like a file share the way we would a network drive in Windows. You know... mount a Z: drive, and then browse, and modify the contents of that drive as if it were local. Well, because Ubuntu is really friendly - you probably don't have to learn a whole lot to actually start getting useful things accomplished (in Ubuntu, Places>Connect to Server gives you most of what you need). But – did you know you can also securely mount a remote file system via SSH and have it look and feel local? Or perhaps you don't know what SSH is. If this is you – then check out this mini how-to. Nothing in here is particularly difficult... but there's enough here and linked-up to more expansive how-to's as to possibly be eye-opening for you.

What do you get out of following this tutorial?

You get a secure Linux alternative to a Windows network drive mapping that works well... especially over slow connections (VPN tunnels, modems, etc.), and that you can essentially treat as a local resource. After that, you can do even more useful stuff like use grsync/rsync to replicate differences between directory structures. If this is all new to you, you'll also get some useful exposure to openssh, scp, Putty, and SSHFS.

How-To

  1. Install the openssh server and client on the server, and the client on the client. Just use “sudo apt-get install openssh-server openssh-client”.

  2. Install putty on your client (this isn't strictly necessary - but useful for troubleshooting)...

    1. 'sudo apt-get install putty'.

  3. On your server, consider changing the default port in SSH from 22 to something else (like 512).

    1. 'sudo editor /etc/ssh/sshd_config'... change the 'Port 22' to 'Port 512'... then issue a restart of ssh... 'sudo /etc/init.d/ssh restart'.

  4. If you're using a firewall on the server, make sure you open that new port you just created in the previous step.

    1. If you're using "firestarter" in Ubuntu, open Firestarter (System>Administration>Firestarter). Go to policy, and add an "inbound traffic policy" and let that new port (e.g. 512) in from your network (or perhaps something more restrictive that makes sense).

  5. Run Putty on your client (from a shell, just type 'putty'). Now determine the IP address of your host server, and point putty at it, on the correct port, and connect. It will prompt you for credentials... now you have remote telnet-like access to the remote box. In other words, all we're doing here is proving to ourselves that the "server" from earlier steps is actually working correctly.

  6. For good measure, try doing a scp from your client to the server (learn how SCP works).

    1. 'scp -P 512 /home/username/somefilethatexists.txt username@remotehostIP:/home/path/NewFileOnThisSystem.txt'.

    2. In the above, I'm specifying 512 for my port (scp takes the port with a capital -P; lowercase -p preserves file times instead), and the username@remotehostIP is me forcing the right username... if I didn't do this, it would automatically attempt to use the username of the currently logged-in account on the client.

  7. At this point you've more than proven that everything works right (steps 5, 6). So the last steps are mounting and using that remote filesystem. The credit for the remainder of this goes to this older post by Carthic... but my cliffnotes follow below.

  8. Install sshfs ('sudo apt-get install sshfs'... note that this auto installs fuse as well).

  9. Now create the mount point on the client ('sudo mkdir /mnt/remotecomputer', and make yourself the owner... 'sudo chown yourusername /mnt/remotecomputer')

  10. Now add your username to the fuse group that was auto-created in step 8.

    1. 'sudo adduser yourusername fuse'. Or in Ubuntu, System>Administration>Users and Groups

  11. Log out and log back in (the new group membership only applies to new login sessions; until then your user can't run the fuse binary).

  12. Finally - just mount that SSH filesystem off of the mount point you created earlier...

    1. "sshfs -f -p 512 username@ipaddress:/home/path /mnt/remotecomputer".

    2. It will prompt you for a password... type it, and now you can browse the file system of the remote server by doing an "ls /mnt/remotecomputer" from your client. The remote file system works just like it's local... you can open those remote files, modify them locally, and when you save them, they save to the destination server.
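
A check for step 3, as an added example that is not part of the original post: the port change only takes effect when the Port line sits in the server's sshd configuration, and leaving 22 listed keeps the old port open. The function names and the three sample configs are made up for the illustration, and the parser assumes a single file with no Include directives.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are made up here.
# Reports which ports an sshd_config-style file makes the SSH server listen on.

sshd_ports() {        # usage: sshd_ports FILE
  awk '
    { sub(/#.*/, ""); sub(/=/, " ") }       # drop comments, allow "Port=512"
    tolower($1) == "match" { exit }         # Port is not valid in Match blocks
    tolower($1) == "port" && $2 ~ /^[0-9]+$/ { print $2; found = 1 }
    END { if (!found) print 22 }            # sshd default without a Port line
  ' "$1"
}

port_change_ok() {    # usage: port_change_ok FILE WANTED_PORT
  ports=$(sshd_ports "$1")
  echo "$ports" | grep -qx -- "$2" || return 1   # new port must be listed
  echo "$ports" | grep -qx 22 && return 1        # old default must be gone
  return 0
}

# Constructed sample configs (not taken from a real server).
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
printf '%s\n' '#Port 22' 'PermitRootLogin no' > "$tmp/unchanged"
printf '%s\n' 'Port 512' 'PermitRootLogin no' > "$tmp/changed"
printf '%s\n' 'Port 22' 'Port 512'            > "$tmp/both"

for f in unchanged changed both; do
  if port_change_ok "$tmp/$f" 512; then r="ok"; else r="not ok"; fi
  echo "$f: ports=$(sshd_ports "$tmp/$f" | tr '\n' ' ')-> $r"
done
```

On a live server, 'sudo sshd -T' prints the effective configuration, including the port lines, which covers Include files as well.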

Now that you've got everything working correctly, you can do fun stuff like set up grsync/rsync if you actually want to replicate files from the “server” to your client (perhaps for doing easy backups over the WAN)... or if you didn't have exposure to SSH until now, you've got an easy to do remote control. Hope you found this interesting and useful.