Ebola¶
Ebola is the name of our Request Tracker instance and the VM it runs on. It is at https://ebola.acm.jhu.edu/rt.
Authentication to ebola uses Kerberos. You can use your tickets if you have configured your browser to do so. Or you can just give your password in the usual HTTP Basic Auth way and the server will check it against Kerberos.
Any task that the ACM needs to get done should be a ticket. So should any ACM project idea. And so should any physical item lent to the ACM by a member.
Authenticating using your tickets¶
See the section for the web browser you’re using.
Chromium/Chrome¶
AuthServerWhitelist needs to be set to *acm.jhu.edu
. (The lack of initial
dot is to allow this to work on acm.jhu.edu
itself should we ever put a
service there for which this is relevant.) There are a couple of ways to do
this:
- Exit the browser, then edit the file
Local State
(which is JSON) in your profile. In the dictionary with key"auth"
(add an empty one if there isn’t already one), add key"server_whitelist"
with value"*acm.jhu.edu"
. This is probably the best method for your own personal systems. - There is a way to force setting values, including this one, through systemwide policy files. We should deploy such a file on the desktops so chromium users get seamless RT login.
- You used to be able to pass the argument
--auth-server-whitelist="*acm.jhu.edu"
when starting the browser; you may find some documentation floating around out there mentioning this. This method has been removed in very recent versions (past about January 2015).
Iceweasel/Firefox¶
Go into about:config
and set network.negotiate-auth.trusted-uris
to acm.jhu.edu
.
The rt
Command Line Client¶
RT comes with a quite nifty command-line client (Debian has it in the
rt4-clients
package). Just put server https://ebola.acm.jhu.edu/rt
in your ~/.rtrc
and it’ll talk to ebola.
If you have the right packages installed (on Debian,
liblwp-authen-negotiate-perl
), it’ll even use your Kerberos tickets
instead of a password if you have a new enough version of the client
(probably 4.2.11, not yet out as of this writing, due to a nasty bug in
the support for this that just got fixed) and you put auth gssapi
in your ~/.rtrc
.
Type rt help config
to see what else you can put in your ~/.rtrc
.
There is also the systemwide /etc/request-tracker4/rt.conf
, which
is the route through which we’ll get this configuration onto the desktops.
The assets
Module¶
We have installed the assets module for RT. A portion of the postinstall script
failed; the make initdb
command defaulted to postgres as the database user
despite the config file (correctly) giving acm_rt
. To fix, I simply re-ran
the commands with the correct user and they worked. Also of note:
RT_Config.pm
is in /usr/share/request-tracker4/etc/
,
RT_SiteConfig.pm
is in /etc/request-tracker4/
, and the mason cache is in
/var/cache/request-tracker4/mason_data/
. Now you can track ball bearings to
your heart’s content. Please don’t.